cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

AMA-CUCM Troubleshooting: Best Practices for Reading Trace Files

7738
Views
10
Helpful
17
Replies
Beginner

Cisco Jabber SSO Timeout

Hi Babu
Jabber with SAML SSO -- when you let the PC run over nights and days without shutdown
then you get some day a message that the session has timed out.

You have to shutdown and start again jabber for successful Login.
How can this issue be adressed ?
Kind regards
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

You should be getting a

You should be getting a message saying the session is expired and do you wish to renew .Aren't you getting this ?

17 REPLIES 17
Cisco Employee

You should be getting a

You should be getting a message saying the session is expired and do you wish to renew .Aren't you getting this ?

Beginner

I only get message that

I only get message that session is expired - Jabber is still connected, it seems but is not registered anymore. You have to shutdown and start jabber again.

When does this timeout occur ? is there a time to check Setting ? We have SSO - when a session is timeing out - customer assumes that it should reconnect automatically.

any idea ?

Kind regards

Beginner

Is there any known solution

Is there any known solution for this sso Problem ?

Beginner

I have the same issue...I am

I have the same issue...I am hoping there is. I just opened a ticket with Cisco asking about the "Token Session Timeout". I found that you can change this in the documentation but they do not mention where to do so. I will keep you posted once I hear back.

Beginner

Re: I have the same issue...I am

Hi!

 

I hope you are doing well.

 

Have you found a solution for this issue ?

Cisco Employee

There are 4 timers to be

There are 4 timers to be considered 1. Idp Idle timeout (A timeout after which terminate a session after a certain amount of inactivity) Where to set : Idp Recommended Value - 8 Hours 2. Absolute Timeout (A timeout after which a session is closed no matter there is user activity or not.) Where to set : Idp Recommended Value - 48 Hours 3. Application session timeout Where to set : CUCM Recommended Value - 30 Minutes ( default) from CLI set webapp session timeout 30 4. OAuth Token Where to set : CUCM Recommended Value - 60 Minutes (default) OAUTH Token Expiry Timer Required Field under Enterprise parameters-->SSO configuration
Beginner

Re: There are 4 timers to be

Hi

I couldn't find  number 3. Application session timeout Where to set : CUCM Recommended Value - 30 Minutes ( default) from CLI set webapp session timeout 30.

 

Please ket me know where is it in CUCM 11.5.

 

Thanks!

 

Shachar

Advisor

Re: There are 4 timers to be

Hi,

 

the range is from 5 - 99999 minutes. So, u won't be  able to enter value 4.

set webapp session timeout minutes

Syntax Description

Parameters Description
minutes
Specifies the time, in minutes, that can elapse before a web application times out and logs off the user.
  • Value range: 5-99999 minutes

     

  • Default value: 30 minutes

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cli_ref/11_5_1/cucm_b_cli-reference-guide-release-1151su3/cucm_b_cli-reference-guide-release-1151su3_chapter_0110.html

 

regds,

aman

Beginner

Re: There are 4 timers to be

Hi Aman!

Thanks for the quick answer.

Does it affect Cisco Jabber ?
What is the difference between "webapp session timeout" and OAuth Token

Regards,
Shachar
Advisor

Re: There are 4 timers to be

Hi,

 

Jabber login has nothing to do with this command.

 

what do u mean by OAuth Token?

 

regds,

aman

Beginner

Re: There are 4 timers to be

Hi Aman,

 

This discussion is regarding Jabber in SSO deployment and we have the same problem as reindl_mc had.

 

We have deployed Jabber with SSO at one of our customers (CUCM 10.5 / ADFS).

After approximately 6 days from each login that a user is made the Jabber or the ADFS ends the session.

In the Jabber's Error Notifications we can see the "session has timed out"error.

 

Image result for CJ:1000:606

 

A.M.Mahesh Babu mention couple of things that can be relevant: 

 

 We should be getting a message saying the session is expired and do you wish to renew - We don't get that message 

 

He also mention the 4 timers that can be relevant:

 

ADFS

- IDP Idle Timeout

- IDP Absolute Timeout

 

CUCM

- OAuth Token

Application session timeout 

 

Regarding the ADFS - I found the IDP Idle Timeout that was configured to 8 Hours

But not the IDP Absolute Timeout (Which could defanatliy could be the reason for this problem)

 

regarding the CUCM i couldn't understand how is the Application session timeout configuration is related to the SSO at the Jabber

 

Best regards,

 

Shachar

 

Advisor

Re: There are 4 timers to be

Hi ,

 

I won't be able to help u on the same.

 

I suppose u are already in touch with Cisco TAC Engr. So, u can take assistance from him.

 

regds,

aman

Enthusiast

Re: There are 4 timers to be

Did you find the answer to this? I keep getting error CJ:1000:606 Session Timeout as well. I need to manually reextend my session every 60 minutes, which I figure should be done automatically in the background.

Contributor

Re: Cisco Jabber SSO Timeout

Hi there is any updates for this issue?

Please share the TAC number if exist..

I have the same on jabber 12.0(1) with cucm 11.5(1)su2 and ADFS

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards