Client authentication in Collaboration Edge/ MRA

Hello

Could someone help with the following question?

When does a Jabber client get authenticated? 

My understanding is that when a Jabber device on the Internet accesses (to log on) the Expressway-E, only the server (Expressway-E) is authenticated (using the public CA certificate in the Jabber device).

Is this correct? If yes, does the Jabber device/user get authenticated when the device attempts to register with the CUCM?

Thanks in advance,

/Baktha

Dimension Data.

1 ACCEPTED SOLUTION

shawnangelo
Beginner

In the case of a Jabber/CUCM/Expressway deployment, during the initial connection between the Jabber client and the Expressway Edge server, there is a key/cert exchange/handshake that creates a secure communications channel between the two. At this point the Jabber client securely passes credentials to the Expressway Edge, and it passes these through to the Expressway Core. The Core then provides the credentials to the CUCM server (which in turn challenges the authentication against its local user database or LDAP, whichever is in use) and then returns an Authenticated message to the Expressway Core, which sends it to the Expressway Edge, which in turn tells the Jabber client it has successfully authenticated.

This leaves out some of the deeper technical details, but does this answer your question?

Also, the statements above can be different for a VCS (not Expressway Series) deployment as there are multiple authentication options. This would also be regarding endpoints and Jabber Video for TelePresence, and not "regular" Jabber.


Shawn,

Thank you for the reply/answer! It helps. Guess the client authentication, sort of, doesn't happen as part of the initial TLS handshake (between the Jabber device and Expressway-E).

/Baktha

Hi,

You can refer to this document I wrote to understand in more detail the whole Jabber MRA process.

https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow

Please rate all useful posts

Thanks Ayodeji, for the very useful document!
