Re: Jabber first time login - automatic

richard.priest · ‎01-29-2019

Hi,

I'm trying to get first time logins to Jabber to be automatic & use AD credentials. Is this possible with our version of call manager (10.5)

I have SSO working, so once the username @ domain is entered into the Jabber login box the client logs in automatically, any subsequent logins are also automatic. However if a user changes PC, (or when using a VDI session which isn't persistant) there would be a need to log into jabber every time you login.

We're using Server 2016 architecture, so are using ADFS4.0 I've followed the Kerberos guides for ADFS2.0, Jabber doesn't even attempt to login automatically (nothing in event viewer etc).

Any advice or assistance would be very much appreciated!

Cheers

Jonathan Schulenberg · ‎02-13-2019

Service Discovery uses the right hand side of the user’s UPN attribute to query for the the _cisco-uds DNS SRV record unless you set UPN_DISCOVERY_ENABLED=false as a command line switch during install.

Does the SRV record exist in the DNS zone of the user’s UPN?
Are they logged in as a domain user?

richard.priest · ‎02-13-2019

Thanks Jonathan, really appreciate the reply.

We've just installed Jabber 'as is' so there are no additional switches added during install.

We have _cisco-uds SRV records in DNS which point to our subscriber servers.

Users do login as a domain user, however if it makes a difference they all use the pre win2k logon names rather than UPN. For manual logins, we need to login via the pre 2k logon name @ domain

Ciscollab_Amit · ‎02-14-2019

With 10.5 what I tried and it worked was with jabber-config.xml file where you set the SSO enabled =True. Is there a possibility to share the Jabber PRT or jabber config file. That would give some more insights about the config's.

Cheers,

Amit

richard.priest · ‎02-14-2019

Hi Amit,

XML is pasted below. However I'm not sure that this would resolve anything, AIUI the client only pulls down the XML config after the user has already initiated login. I want Jabber to login automatically when a user logs into a PC for the very first time.

<config version="1.0"><Policies><EnableSIPUriDialling>true</EnableSIPUriDialling><EnableCallPickup>true</EnableCallPickup><EnableGroupCallPickup>true</EnableGroupCallPickup><EnableOtherGroupPickup>true</EnableOtherGroupPickup><EnableHuntGroup>true</EnableHuntGroup><EnableAccessoriesManager>true</EnableAccessoriesManager></Policies><Directory><SipUri>mail</SipUri><IMAddress>mail</IMAddress><UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts><PhotoSource>thumbnailPhoto</PhotoSource></Directory><Client><DockedWindowVisible>FALSE</DockedWindowVisible></Client><Options><Start_Client_On_Start_OS>true</Start_Client_On_Start_OS></Options></config>

Ciscollab_Amit · ‎02-14-2019

Ok. I overlooked the requirement then. You are correct. Is your CUCM above the minimum required version of 10.5.2. I see in your first statement that you have version 10.5 only? Can you extract the bootstrap from Jabber PRT and share? Are you able to login via the SSO to the CUCM End user page?

Cheers

Amit

richard.priest · ‎02-14-2019

How do I extract the bootstrap? Not something I've done before.

Regards to SSO to CUCM, yes that works perfectly.

I'm not 100% on the UC version, I'll double check, I'm pretty sure it's higher than 10.5.2, I'm on my phone at the minute, so it's not at hand to check

Ciscollab_Amit · ‎02-14-2019

Go to Settings>Help>Problem Report. Save the Problem report. In this zip file you should see bootstrap file with all the properties.

richard.priest · ‎02-14-2019

Ok, version is 10.5.2.17900-13

Pulled a bootstrap from the Jabber client I'm already logged into and had a poke around. Within jabber-bootstrap.properties I found the following line

upnDiscoveryEnabled: false

I'm guessing that this isn't helping in the slightest...… This install of jabber was just 'raw' there were no options selected. Do I need to re-install with a specific config?

Ciscollab_Amit · ‎02-14-2019

You need to either enable Services Domain switch or the UPN discovery switch in the MSI installer. If you set the UPN discovery parameter to false, then the UPN is not used to retrieve the user's domain, and the client prompts the user to enter credentials.

I am not sure about Standalone installation, however for MSI deployments the UPN parameter is by default set to ON. However you could modify this switch parameter to True and check the results.

In some deployments, it could be that one has to set this parameter (ServicesDomainSsoEmailPrompt) to OFF.

Cheers,

Amit

richard.priest · ‎02-15-2019

Hmmm,

I've uninstalled Jabber from a test machine rebooted and re-installed with ' msiexec.exe /i CiscoJabberSetup.msi /quiet UPN_DISCOVERY_ENABLED=true'

When checking the jabber-bootstrap.properties file it's still coming back with:

upnDiscoveryEnabled: false

Any idea why this switch isn't taking? From the instructions it should default to true anyway, so what could be causing it to be forced to false?

Ciscollab_Amit · ‎02-18-2019

maybe it needs an admin privelege.

richard.priest · ‎02-22-2019

Sorry for the slow reply. Finally managed to figure the issue out thanks to all your help!

I had to add the following to the install script to force it to take the config:

msiexec.exe /i CiscoJabberSetup.msi CLEAR=1 UPN_DISCOVERY_ENABLED=true CLICK2X=DISABLE

Now Jabber logs in automatically perfectly whether the user is brand new or has used the machine previously

Thanks again everyone!

Gengad · ‎05-20-2019

I found a way to do it, please follow these steps, also visit Cisco Website for more details.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/12_6/cjab_b_on-prem-deployment-cisco-jabber_12-6/cjab_b_on-prem-deployment-cisco-jabber_12-6_chapter_010000.html

Put Jabber App Software in Temp folder

cmd

C:\>cd temp

C:\Temp>runas /user:????\Name "msiexec /i CiscoJabberSetup.msi CLEAR=1 EXCLUDED_SERVICES=CUCM"
Enter the password for ????\Name: Enter the password

Jabber will not do automatic login