Jabber and automatic login Windows 7

tonyperschall
Level 1

Goal: To install the Jabber client 11.1.1 to our Windows 7 image and have it so that when a user logs in for the first time, Jabber grabs either their email address from Active Directory or username/password and auto signs in.

We have CUCM 10.5 with IM & Presence and Prime Provisioning servers. We have Windows Server 2008 with Active Directory and are trying to deploy Jabber to the base image for Windows 7. I have already gone the SAML Single Sign-On route using ADFS 2.0 and got it to function, but it is still not automatic, requiring the user to log in to Jabber every time they log back into Windows.

Is there a simple way to modify the .MSI install or the jabber-config-defaults.xml file or similar to make this work?  Please help, I have been trying for weeks and have been researching every avenue I can think of.

Thank you,

Tony

10 Replies

Chris Deren
Hall of Fame

See if you have Kerberos authentication enabled on the workstation. Some useful guides:

http://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/118841-configure-kerberos-00.html

http://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/118773-configure-kerberos-00.html

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/deployment_scenarios.html

Hi Chris Deren,

I also have the same objective to achieve, but the thing is that the client is not agreeing to Kerberos authentication since their core Oracle application will be impacted if it is configured.

I asked Cisco and they responded that "There are so many third party applications that integrate with Jabber/CUCM/AD and are certified with Cisco to achieve SSO, if you can't use the Cisco built-in SSO solutions."

Any suggestions will be appreciated.


Regards,

Farrukh

Cisco supports SAML 2.0 SSO, there is NO CISCO SSO, they always integrate with 3rd party SSO infrastructure such as MSFT ADFS and others, but they have to be SAML 2.0 based. So not sure what you and your Cisco contact are stating, as that has and will be the case to always use a 3rd party SSO solution.

Chris,

Thank you for the response.  I will look into these options as well. 

In the meantime, I have abandoned the SAML SSO option and turned it off in Cisco, and I have been able to tweak the Jabber config file located at C:\Program Files (x86)\Cisco Systems\Cisco Jabber\jabber-config-defaults.xml and got it to pull in the username automatically, just not the password yet. If the password is typed in and the checkbox "sign me in when Cisco Jabber starts" is checked, it continues to work even after rebooting the computer; however, we are trying to get it where the user does not have to enter a password or check the box at all. Here is what I added to the config file to get the username part pulling down:

<!-- Directory -->
   <DirectoryServerType>EDI</DirectoryServerType>
   <ConnectionType>0</ConnectionType>
   <PrimaryServerName>Our domain name</PrimaryServerName>
   <UseWindowsCredentials>1</UseWindowsCredentials>
   <UseSecureConnection>1</UseSecureConnection>
   <CommonName>cn</CommonName>
   <DisplayName>displayName</DisplayName>
   <FirstName>givenName</FirstName>
   <LastName>sn</LastName>
   <EmailAddress>mail</EmailAddress>
   <SipUri>msRTCSIP-PrimaryUserAddress</SipUri>
   <PhotoSource>thumbnailPhoto</PhotoSource>
   <BusinessPhone>telephoneNumber</BusinessPhone>
   <MobilePhone>mobile</MobilePhone>
   <HomePhone>homePhone</HomePhone>
   <OtherPhone>otherTelephone</OtherPhone>
   <Title>title</Title>
   <CompanyName>company</CompanyName>
   <UserAccountName>sAMAccountName</UserAccountName>
   <DomainName>userPrincipalName</DomainName>
   <Location>co</Location>
   <Nickname>Nickname</Nickname>
   <PostalCode>postalCode</PostalCode>
   <City>l</City>
   <State>st</State>
   <StreetAddress>streetAddress</StreetAddress>
   <BaseFilter>(&amp;(objectCategory=person))</BaseFilter>
   <PredictiveSearchFilter>anr=</PredictiveSearchFilter>
   <DisableSecondaryNumberLookups>0</DisableSecondaryNumberLookups>
   <SearchTimeout>5</SearchTimeout>
   <UseWildcards>0</UseWildcards>
   <MinimumCharacterQuery>3</MinimumCharacterQuery>
   <SearchBase1>Path to our OU</SearchBase1>
   <PhotoUriSubstitutionEnabled>false</PhotoUriSubstitutionEnabled>
   <UseSIPURIToResolveContacts>false</UseSIPURIToResolveContacts>

Does anyone have any suggestions on how to get the password to pull down from Active Directory and to automatically have the check box selected for "sign me in when Cisco Jabber starts"?
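
Added example (not part of the thread, and not Cisco's or the poster's code): a small Python check to run over the directory fragment above before it is baked into an image. It treats the post's values for UseWindowsCredentials and UseSecureConnection as the baseline and flags ConnectionUsername/ConnectionPassword, Jabber's EDI parameters for a shared bind account; the function name, rule set and sample values are this example's assumptions.

```python
import xml.etree.ElementTree as ET

# Baseline taken from the values in the post's fragment.
REQUIRED = {"UseWindowsCredentials": "1", "UseSecureConnection": "1"}
# Shared bind-account parameters: a credential stored in a file on every PC.
FORBIDDEN = ("ConnectionUsername", "ConnectionPassword")
# Placeholder text from the post that must be replaced before imaging.
PLACEHOLDERS = {"PrimaryServerName": "Our domain name",
                "SearchBase1": "Path to our OU"}

def audit_directory_fragment(fragment):
    """Return a list of findings for a directory settings fragment."""
    try:
        # The posted snippet has no root element, so wrap it before parsing.
        root = ET.fromstring("<config>" + fragment + "</config>")
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    values = {el.tag: (el.text or "").strip()
              for el in root.iter() if el is not root}
    findings = []
    for tag, want in REQUIRED.items():
        got = values.get(tag)
        if got != want:  # absent counts too: the setting should be explicit
            findings.append("%s is %r, expected %r" % (tag, got, want))
    for tag in FORBIDDEN:
        if tag in values:
            findings.append("%s present: credential stored in the config file" % tag)
    for tag, text in PLACEHOLDERS.items():
        if values.get(tag, "") in ("", text):
            findings.append("%s missing or still the placeholder" % tag)
    return findings

# Constructed samples (hostname, OU and account name are made up).
GOOD = """<!-- Directory -->
<DirectoryServerType>EDI</DirectoryServerType>
<PrimaryServerName>dc01.example.test</PrimaryServerName>
<UseWindowsCredentials>1</UseWindowsCredentials>
<UseSecureConnection>1</UseSecureConnection>
<BaseFilter>(&amp;(objectCategory=person))</BaseFilter>
<SearchBase1>OU=Staff,DC=example,DC=test</SearchBase1>"""

BAD = """<PrimaryServerName>Our domain name</PrimaryServerName>
<UseWindowsCredentials>0</UseWindowsCredentials>
<ConnectionUsername>svc-jabber</ConnectionUsername>
<ConnectionPassword>REDACTED</ConnectionPassword>"""

if __name__ == "__main__":
    for name, frag in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_directory_fragment(frag) or "no findings")
```
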

(+5 to Chris)

This is the point of Kerberos authentication with SSO. Kerberos utilizes the fact that the user is logged in to Active Directory. You will get rid of the username/password prompt at the SSO server and instead let the web browser use the Kerberos authentication of the Windows Domain.

There is no mechanism to pull down password automatically.

Also you don't need to do anything to get Jabber to use the UPN (user principal name) to login. This is done by default, especially in version 11.0 and above. Jabber grabs this from your PC.

Please rate all useful posts

Thanks Deji for rating but I think you forgot to actually do it :-)

+5 to you for the articulate explanation.

Chris

My bad Chris. You are right. Done :)

Please rate all useful posts

Thank you Ayodeji for the response. Yes, the UPN didn't pull down when we had Jabber 10, but once we grabbed the latest version, UPN started to work.

As far as the Kerberos authentication and web browser, I had that part working when single sign on was turned on, but again this was only for the web browser functionality for logging into the Cisco Communications Manager or IM and Presence, not for Jabber. My goal is to have Jabber automatically log in, not the web browser. SSO and ADFS would bring me to an ADFS login page for Jabber, and would work, but every time the user logs out of Windows and back in, they have to re-enter their username and password, which kind of defeats the purpose of single sign on.

You must have missed something in the configuration. I am attaching a lab guide which documents step by step what you need to do to get this working...

Use it to deploy your SSO and enable Kerberos authentication.

Please rate all useful posts

Thank you for the document. Very informative. Very similar to some of the steps I had done before with SAML SSO setup. Will give this a try when I can. Also, very new to Cisco so it will be a learning curve for me.