
Disabling SSO (single sign-on) discovery process

aalejo
Level 5

After disabling SSO in jabber-config.xml (SSO_Enabled), I am still seeing Jabber getting the list of UDS servers and trying to find available SSO services.

Is it possible to disable any single sign-on activity from the Jabber Windows client?

- Alex

14 Replies

Ayodeji Okanlawon
VIP Alumni

UDS and SSO are totally different. So what do you really need to do? Jabber doesn't use SSO to discover UDS servers. Jabber does a query against the user's home cluster. You can't disable this.

Please rate all useful posts

Hey

Yes, SSO and UDS are two different features, but if you follow the auto-discovery process on the Jabber client you will find that Jabber uses the discovered UDS servers for discovering SSO-enabled servers.

Process:

1. Jabber queries /cucm-uds/servers on the home cluster

2. Jabber uses that server list to discover if some of those servers are SSO-enabled

Then both features are interlinked (in the discovery process at least).

- Alex

I think you may have missed a step there. Jabber uses a different query to discover if SSO is supported. It uses the /cucm-uds/version query, which happens immediately after the UDS discovery against DNS (different from the actual UDS servers discovered for the cluster).

Here is the query:

https://dmark-cucmsub.brambie.com:8443/cucm-uds/version

Here is the response to the query with the UDS version:

Response body: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><versionInformation version="9.1.2" uri="https://dmark-cucmsub.brambie.com:8443/cucm-uds/version"><name>Cisco User Data Service</name><version>9.1.2</version><installedProducts><product>Cisco Unified Communications Manager</product><product>Cisco Enterprise License Manager</product></installedProducts></versionInformation>

+++Now here is Jabber saying the UDS version doesn't support SSO+++

[ucm90::UdsUtilities::isLegacyUcm] - Uds Version (Legacy): 9.1.2
 [ucm90::UdsProvider::makeSSOEnabledRequest] - The home uds cluster's Cucm version '9.1.2' does not support SSO detection

 

Please rate all useful posts

Hi

That's only to discover if SSO is supported on the back end, but after that it will go over each individual UDS server to find if SSO is enabled.

Exact steps are:

1. Jabber queries /cucm-uds/servers on the home cluster to get the UDS list

2. Jabber checks if SSO is supported on each server on the UDS list (using the link you provided)

3. If SSO is supported, Jabber uses that server list to discover if some of those servers on the UDS list have SSO enabled

Then both features are interlinked (in the discovery process at least).

- Alex

OK. You are correct. This trace is taken after UDS servers have been discovered. Now Jabber is checking to see if SSO is enabled.

[ucm90::UdsProvider::makeSSOEnabledRequest] - The home uds cluster's Cucm version '9.1.2' does not support SSO detection

So back to your original question then: you need to know if SSO can be disabled altogether? Is there any impact on Jabber operation at the moment?

Please rate all useful posts

Yeah, there is a certificate issue that I am trying to avoid with one of the UDS servers.

I haven't used SSO, but here is what I know: Jabber randomly connects to the list of UDS servers discovered from the home cluster. Even when you disable UDS services on a CUCM server, Jabber still discovers it during the UDS discovery. I had an issue also with certs recently and I wanted to see if I could exclude a server from the UDS discovery so Jabber doesn't do a secure connection to it to download user devices, but I had no luck.

Please rate all useful posts

Sharing your bad luck here. :(

I had it in mind to query TAC on this, to see if we can exclude a server from the UDS discovery. I will do it now and update you.

Please rate all useful posts

Nice,

Thanks :)

AAlejo,

Here is the answer: It is not possible.

"I understand that you would like to exclude some CUCM servers from Jabber from UDS.

Unfortunately this is not possible. Jabber clients are expected to be able to use any of the CCMCIP servers within the user's home cluster.
Jabber uses the servers specified in the _cisco-uds SRV record to find the home cluster of the user. Once we have found the home cluster of the user, Jabber uses the CUCM /cucm-uds/servers REST API to find all servers in that cluster.
The list is randomly ordered and the first 3 servers are chosen as UDS/CCMCIP servers; this is done to distribute the load of UDS queries between servers in the cluster."

Please rate all useful posts
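
Added example (not part of the original thread and not Cisco code): because the TAC reply says a node cannot be excluded and the first 3 servers of a randomly ordered list are used, one practical check is to validate the certificate of every node on port 8443 and estimate how often a client lands on a failing one. The host names are constructed placeholders, and the script assumes it runs on a machine with the same trust store as the Jabber clients.

```python
"""Pre-flight TLS audit of every UDS node in a cluster (added example)."""
import math
import socket
import ssl

UDS_PORT = 8443  # port used by the /cucm-uds/ URL quoted in the thread
PICKS = 3        # per the TAC reply: first 3 servers of the shuffled list


def tls_probe(host, port=UDS_PORT, timeout=5.0):
    """Return None if the node's certificate validates, else a short reason."""
    ctx = ssl.create_default_context()  # verifies both chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except OSError as exc:  # DNS failure, refused, timeout, other TLS errors
        return f"unreachable: {exc}"


def audit_cluster(hosts, probe=tls_probe):
    """Probe every node; return {host: reason} for the nodes that fail."""
    failures = {}
    for host in hosts:
        reason = probe(host)
        if reason is not None:
            failures[host] = reason
    return failures


def exposure(total, bad, picks=PICKS):
    """Chance that at least one of the randomly chosen nodes is a bad one."""
    if total <= picks:  # every node in the cluster ends up in the list
        return 1.0 if bad else 0.0
    return 1.0 - math.comb(total - bad, picks) / math.comb(total, picks)


if __name__ == "__main__":
    # Constructed names; substitute the servers returned by /cucm-uds/servers.
    cluster = [f"cucm-node{i}.example.test" for i in range(1, 6)]
    failing = audit_cluster(cluster)
    for host, reason in failing.items():
        print(f"{host}: {reason}")
    share = exposure(len(cluster), len(failing))
    print(f"{share:.0%} of clients would pick at least one failing node")
```

With one bad node in a five-node cluster, about 60% of clients end up with that node among their three, which is why fixing the certificate on the node is the workable option.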

What is interesting is that SSO discovery cannot be disabled, and neither can this UDS discovery mechanism.

I have asked the TAC guy; he will verify and come back to me on this also. Let's see what he says.

Please rate all useful posts

The answer is no, since SSO is enabled cluster-wide, not per server.

Please rate all useful posts