01-29-2019 03:21 AM - edited 03-17-2019 07:49 PM
Hi,
I'm trying to get first time logins to Jabber to be automatic & use AD credentials. Is this possible with our version of call manager (10.5)
I have SSO working, so once the username @ domain is entered into the Jabber login box the client logs in automatically, any subsequent logins are also automatic. However if a user changes PC, (or when using a VDI session which isn't persistant) there would be a need to log into jabber every time you login.
We're using Server 2016 architecture, so are using ADFS4.0 I've followed the Kerberos guides for ADFS2.0, Jabber doesn't even attempt to login automatically (nothing in event viewer etc).
Any advice or assistance would be very much appreciated!
Cheers
02-13-2019 08:34 PM
02-13-2019 11:28 PM
Thanks Jonathan, really appreciate the reply.
We've just installed Jabber 'as is' so there are no additional switches added during install.
We have _cisco-uds SRV records in DNS which point to our subscriber servers.
Users do login as a domain user, however if it makes a difference they all use the pre win2k logon names rather than UPN. For manual logins, we need to login via the pre 2k logon name @ domain
02-14-2019 02:59 AM - edited 02-14-2019 02:59 AM
With 10.5 what I tried and it worked was with jabber-config.xml file where you set the SSO enabled =True. Is there a possibility to share the Jabber PRT or jabber config file. That would give some more insights about the config's.
Cheers,
Amit
02-14-2019 08:28 AM
Hi Amit,
XML is pasted below. However I'm not sure that this would resolve anything, AIUI the client only pulls down the XML config after the user has already initiated login. I want Jabber to login automatically when a user logs into a PC for the very first time.
<config version="1.0"><Policies><EnableSIPUriDialling>true</EnableSIPUriDialling><EnableCallPickup>true</EnableCallPickup><EnableGroupCallPickup>true</EnableGroupCallPickup><EnableOtherGroupPickup>true</EnableOtherGroupPickup><EnableHuntGroup>true</EnableHuntGroup><EnableAccessoriesManager>true</EnableAccessoriesManager></Policies><Directory><SipUri>mail</SipUri><IMAddress>mail</IMAddress><UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts><PhotoSource>thumbnailPhoto</PhotoSource></Directory><Client><DockedWindowVisible>FALSE</DockedWindowVisible></Client><Options><Start_Client_On_Start_OS>true</Start_Client_On_Start_OS></Options></config>
02-14-2019 08:46 AM - edited 02-14-2019 09:31 AM
Ok. I overlooked the requirement then. You are correct. Is your CUCM above the minimum required version of 10.5.2. I see in your first statement that you have version 10.5 only? Can you extract the bootstrap from Jabber PRT and share? Are you able to login via the SSO to the CUCM End user page?
Cheers
Amit
02-14-2019 09:37 AM
How do I extract the bootstrap? Not something I've done before.
Regards to SSO to CUCM, yes that works perfectly.
I'm not 100% on the UC version, I'll double check, I'm pretty sure it's higher than 10.5.2, I'm on my phone at the minute, so it's not at hand to check
02-14-2019 10:30 AM
02-14-2019 12:33 PM
Ok, version is 10.5.2.17900-13
Pulled a bootstrap from the Jabber client I'm already logged into and had a poke around. Within jabber-bootstrap.properties I found the following line
upnDiscoveryEnabled: false
02-14-2019 03:19 PM
You need to either enable Services Domain switch or the UPN discovery switch in the MSI installer. If you set the UPN discovery parameter to false, then the UPN is not used to retrieve the user's domain, and the client prompts the user to enter credentials.
I am not sure about Standalone installation, however for MSI deployments the UPN parameter is by default set to ON. However you could modify this switch parameter to True and check the results.
In some deployments, it could be that one has to set this parameter (ServicesDomainSsoEmailPrompt) to OFF.
Cheers,
Amit
02-15-2019 01:25 AM
Hmmm,
I've uninstalled Jabber from a test machine rebooted and re-installed with ' msiexec.exe /i CiscoJabberSetup.msi /quiet UPN_DISCOVERY_ENABLED=true'
When checking the jabber-bootstrap.properties file it's still coming back with:
upnDiscoveryEnabled: false
Any idea why this switch isn't taking? From the instructions it should default to true anyway, so what could be causing it to be forced to false?
02-18-2019 06:36 AM
maybe it needs an admin privelege.
02-22-2019 04:58 AM
Sorry for the slow reply. Finally managed to figure the issue out thanks to all your help!
I had to add the following to the install script to force it to take the config:
msiexec.exe /i CiscoJabberSetup.msi CLEAR=1 UPN_DISCOVERY_ENABLED=true CLICK2X=DISABLE
Now Jabber logs in automatically perfectly whether the user is brand new or has used the machine previously
Thanks again everyone!
05-20-2019 06:38 AM
I found a way to do it, please follow these steps, also visit Cisco Website for more details.
Put Jabber App Software in Temp folder
cmd
C:\>cd temp
C:\Temp>runas /user:????\Name "msiexec /i CiscoJabberSetup.msi CLEAR=1 EXCLUDED_SERVICES=CUCM"
Enter the password for ????\Name: Enter the password
Jabber will not do automatic login
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: