Re: Cisco Jabber "Your session has expired"

saifuddin.miyaji · ‎01-14-2020

Hi,

We are using the latest version of Cisco Jabber (12.7.2.300423) over MRA, CUCM 12.5. This session expiry issue is killing the success of entire project. We have integration with MS AD for user authentication and some local users as well. Both are experiencing the same issue so it rules out the ADFS as the cause.

The problem is intermittent and unpredictable. At times, session expires 5-6 times a day and sometimes it lasts for many days. There are many threads related to this issue but no conclusive solution seen.

Regards

Saif

Jaime Valencia · ‎01-15-2020

Are you using oAuth?

HTH

java

if this helps, please rate

saifuddin.miyaji · ‎01-15-2020

Yes, we do use OAuth.

Jaime Valencia · ‎01-15-2020

What values do you have for it?

HTH

java

if this helps, please rate

saifuddin.miyaji · ‎01-15-2020

1440 minutes (changed from default 60 minutes)

60 Days (default)

Frank · ‎06-09-2020

i am running into a similar issue. Mobile jabber via MRA using LDAP & oauth (No SSO).

Did you ever find a fix?

saifuddin.miyaji · ‎06-10-2020

Yes, we did fix this issue.

After making the changes to the timers in the CUCM service parameters, you need to go to the EXP-C and refresh the CM Servers. Configuration-->Unified Communication-->CM Servers, select the CUCM servers and refresh. Do the same for the IM&P servers as well.

Saif

Jose Lopez · ‎07-13-2021

Hello Miyaji,
I have the same issue, where is that configuration into the CUCM (default 60 minutes)?

Thank you

saifuddin.miyaji · ‎07-14-2021

Goto Callmanager ---> Enterprise Parameters ---> Search "Jabber OAuth Refresh Token Expiry Timer (days)" for and change the value.

Jose Lopez · ‎07-14-2021

Thank you so much.

ziqex · ‎07-27-2021

I cannot see this parameter in Enterprise Parameters Configuration .

The only Jabber parameter is:

Cisco Jabber
Never Start Call with Video Required Field

Thanks,

fei he · ‎03-23-2022

It is under Enterprise Parameters Configuration > SSO and OAuth Configuration

Adam Pawlowski · ‎04-04-2022

They're referring to oAuth parameters that are cluster-wide for the UCM.

In my experience, this frequent "your session has expired" is not caused by something requiring you to increase the timeout values. If you look at the client logs, you may find that Jabber is trying to refresh itself against an endpoint it can't reach. That could be as a UCM node is down, or it was not added to firewall policy to allow the client to reach it.

The authentication token issued by your IdP - in this case ADFS - may expire in a very short time frame if your administrators have changed from the default (which I believe is 8 hours). If Jabber fails to refresh, I believe it will want to re-authorize itself but that IdP token won't be any good. Still shouldn't happen every few hours but it absolutely will if a UCM / IMP node is down when that 60 minute timer hits its watermark and fires.

saifuddin.miyaji · ‎04-11-2022

Thanks Adam for the explanation.

Accordingly, there has to be a combination of 2 factors for this timeout/session expire to take place

1. Token expired

2. And at the same time, lost the connectivity to the UCM/IMP

Its too rare to occur repeatedly.

Saif