01-14-2020 11:34 PM
Hi,
We are using the latest version of Cisco Jabber (12.7.2.300423) over MRA, CUCM 12.5. This session expiry issue is killing the success of entire project. We have integration with MS AD for user authentication and some local users as well. Both are experiencing the same issue so it rules out the ADFS as the cause.
The problem is intermittent and unpredictable. At times, session expires 5-6 times a day and sometimes it lasts for many days. There are many threads related to this issue but no conclusive solution seen.
Regards
Saif
01-15-2020 06:22 AM
Are you using oAuth?
01-15-2020 06:57 AM
Yes, we do use OAuth.
01-15-2020 10:02 AM
What values do you have for it?
01-15-2020 10:18 AM
1440 minutes (changed from default 60 minutes)
60 Days (default)
06-09-2020 06:25 AM
i am running into a similar issue. Mobile jabber via MRA using LDAP & oauth (No SSO).
Did you ever find a fix?
06-10-2020 12:23 AM
Yes, we did fix this issue.
After making the changes to the timers in the CUCM service parameters, you need to go to the EXP-C and refresh the CM Servers. Configuration-->Unified Communication-->CM Servers, select the CUCM servers and refresh. Do the same for the IM&P servers as well.
Saif
07-13-2021 10:33 AM
Hello Miyaji,
I have the same issue, where is that configuration into the CUCM (default 60 minutes)?
Thank you
07-14-2021 01:15 AM
Goto Callmanager ---> Enterprise Parameters ---> Search "Jabber OAuth Refresh Token Expiry Timer (days)" for and change the value.
07-14-2021 07:07 AM
Thank you so much.
07-27-2021 04:57 AM
I cannot see this parameter in Enterprise Parameters Configuration .
The only Jabber parameter is:
Cisco Jabber
Never Start Call with Video Required Field
Thanks,
03-23-2022 10:59 PM
It is under Enterprise Parameters Configuration > SSO and OAuth Configuration
04-04-2022 05:58 AM
They're referring to oAuth parameters that are cluster-wide for the UCM.
In my experience, this frequent "your session has expired" is not caused by something requiring you to increase the timeout values. If you look at the client logs, you may find that Jabber is trying to refresh itself against an endpoint it can't reach. That could be as a UCM node is down, or it was not added to firewall policy to allow the client to reach it.
The authentication token issued by your IdP - in this case ADFS - may expire in a very short time frame if your administrators have changed from the default (which I believe is 8 hours). If Jabber fails to refresh, I believe it will want to re-authorize itself but that IdP token won't be any good. Still shouldn't happen every few hours but it absolutely will if a UCM / IMP node is down when that 60 minute timer hits its watermark and fires.
04-11-2022 04:50 AM
Thanks Adam for the explanation.
Accordingly, there has to be a combination of 2 factors for this timeout/session expire to take place
1. Token expired
2. And at the same time, lost the connectivity to the UCM/IMP
Its too rare to occur repeatedly.
Saif
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide