Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
0
Helpful
0
Replies

ADFS SAML / CSCuj66703 - Fails due to signing certificate mis-match

Thiago Perrini
Level 4
Level 4

‎02-12-2020 12:33 AM

Very sad that we have February 2020 and we are still facing this BUG CSCuj66703 with CUCM/Unity Cluster. 

If you have to renew the ADFS certificates in MS Server you have the possibility to have a primary and secondary Token signing certificate. Today CUCM/Unity can not handle that. When you have a primary and secondary token signing certificate and renew the certificate you got an error message "Error while processing SAML Response" . 

The workaround is to edit the federation xml file and delete the second certificate manualy, that is very odd.

 

In our case we found a better way to handle that problem. If you have the possibility delete the (old) second Token signing/decrypting. Then download the new ADFS Meta trust file, with just one Token signing certificate. 

 

error_while_processing_saml_response.png

Please add support for Auto Certificate Rollover or add at least support for two Token Signing Certificates in CUCM version 14.

 

Thx and Best Regards

Thiago

6 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents