ADFS SAML / CSCuj66703 - Fails due to signing certificate mis-match
Very sad that it is February 2020 and we are still facing this BUG CSCuj66703 with CUCM/Unity Cluster.
If you have to renew the ADFS certificates in MS Server, you have the possibility to have a primary and secondary Token signing certificate. Today CUCM/Unity cannot handle that. When you have a primary and secondary token signing certificate and renew the certificate, you get the error message "Error while processing SAML Response".
The workaround is to edit the federation xml file and delete the second certificate manually, which is very odd.
In our case we found a better way to handle that problem. If you have the possibility, delete the (old) second Token signing/decrypting certificate. Then download the new ADFS Meta trust file, with just one Token signing certificate.
Please add support for Auto Certificate Rollover or add at least support for two Token Signing Certificates in CUCM version 14.
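As an added example (not from the original post or from Cisco), a small Python check for the situation described above: it lists the token-signing certificates in the `IDPSSODescriptor` of an ADFS federation metadata file, so you can confirm the freshly downloaded metadata carries exactly one signing certificate before uploading it to CUCM, and it implements the manual workaround of dropping every signing `KeyDescriptor` except the one you intend to keep. The metadata below is a constructed, trimmed sample with placeholder certificate values, not real ADFS output.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: one encryption cert plus two token-signing certs,
# which is what ADFS publishes after a rollover with a secondary cert.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.example.test/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>ENCCERT</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>SIGNCERT-PRIMARY</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>SIGNCERT-SECONDARY</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
 </IDPSSODescriptor>
</EntityDescriptor>"""

CERT_PATH = f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate"
SIGNING_KD = f"{{{MD}}}KeyDescriptor[@use='signing']"


def signing_certs(metadata_xml):
    """Return the base64 certificate values listed for use="signing" in the IdP role.
    A CUCM/Unity-compatible metadata file should yield exactly one entry."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(f"{{{MD}}}IDPSSODescriptor/{SIGNING_KD}"):
        cert = kd.find(CERT_PATH)
        certs.append((cert.text or "").strip() if cert is not None else "")
    return certs


def keep_single_signing_cert(metadata_xml, keep_prefix):
    """Manual workaround: drop every signing KeyDescriptor whose certificate does not
    start with keep_prefix (the cert you verified is the active one in ADFS).
    Note: real ADFS metadata is signed (ds:Signature); editing it invalidates that
    signature, so re-downloading metadata after removing the old cert in ADFS is cleaner."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    kept = 0
    for kd in list(idp.findall(SIGNING_KD)):
        cert = kd.find(CERT_PATH)
        if cert is not None and (cert.text or "").strip().startswith(keep_prefix):
            kept += 1
        else:
            idp.remove(kd)
    if kept != 1:
        raise ValueError(f"expected exactly one matching signing cert, kept {kept}")
    return ET.tostring(root, encoding="unicode")
```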