cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
349
Views
0
Helpful
12
Replies
Highlighted
Beginner

Jabber Windows OAuth

expert,

 

If we just need to make sure password change on AD reflect to Jabber Desktop/Windows ( reduce the helpdesk call to reset Jabber password) ,we just need to enable Jabber OAuth ?  and no need SSO?

 

Also when we enable "Jabber OAuth" and disable it back, is there any impact to certificate or anything?

 

thanks,

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Cisco Employee

I don't think you understand what OAuth is, based on what you're asking and how you're phrasing it, suggest you thoroughly review this doc:

https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744

 

And spend some time on google searching resources on OAuth Vs. SSO and then, come back and rephrase your question if needed if you still have doubts after doing some research on OAuth and SSO.

HTH

java

if this helps, please rate

View solution in original post

12 REPLIES 12
Highlighted
Hall of Fame Cisco Employee

I don't think you understand what OAuth is, based on what you're asking and how you're phrasing it, suggest you thoroughly review this doc:

https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744

 

And spend some time on google searching resources on OAuth Vs. SSO and then, come back and rephrase your question if needed if you still have doubts after doing some research on OAuth and SSO.

HTH

java

if this helps, please rate

View solution in original post

Highlighted

hi Jamie/Roger.

 

I use  LDAP for Jabber windows, but still every  3 months , when user change Outlook AD password.  Jabber will then ask for update on new password for "Contact Service" and "Phone Services'.

 

I hear Jabber Oauth will fix this issue?  so whatever we change on Outlook AD password, will automatically reflect to Jabber "Phone service".

 

thanks,

Highlighted

Thank you Jaime, i read the doc, it answer my question.   Actually my scenario is to automatically update "Phone service" password, wjoch is done by token per the explanation.  

Highlighted

Without SSO your not going to get much change in user UX. When the OAuth token expires after a password change the user would still need to provide the new password.

Please rate all useful posts
Highlighted
Advocate

Jabber as such in a CM integration does not have it’s own password. At least if you’re using LDAP directory synchronisation and authentication in CM. Based on your phrasing I assume this is what you have.

As Java wrote you need to do some studies on the topic around OAuth and SSO.

Please rate all useful posts
Highlighted

hi Roger,

 

I understand this & used LDAP.  However when you change 3 months password on Outlook AD, Jabber will still ask for new password.

 

Thanks,

Highlighted

Have you done Jabber Oath before?  

Highlighted

Yes we use SSO with OAuth refresh tokens. What you describe is the expected experience without SSO. If you enable SSO you won’t get the save user credentials in Jabber, this is what is triggering the need to update the credentials after password change in AD.

Please rate all useful posts
Highlighted

hi Roger,

 

Thanks.  However in this document from Jaime, https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744.

 

It said , after we enable OAuth ( no need SSO) , then we will not need to update credentials anymore after password change.

 

So just confirm, do we need OAuth + SSO    or just OAuth  for that?

 

Thanks.

Highlighted

From what I know you would need to provide the credentials initial once OAuth is setup and any time after the password has changed when the OAuth token expires. That is if you don’t also have SSO setup. With SSO this becomes seamless to the user with no need to update any credentials.

I read the document before and now again one more time and I can’t find any mention of the part you reference, aka that it says no need for SSO to not need to update password. Would you mind to point out the specific part where you see that?

Depending upon your setup of SSO and what platform you would use Jabber on the UX for the initial login with SSO might be slightly different.

Please rate all useful posts
Highlighted

hi Roger,

 

what can cause token to expired  after initial setup ?  as I dont have SSO.

 

tks

Highlighted

The token has a lifetime. If using refresh tokens it’s by default set to expire after 60 days. If you don’t use refresh tokens it would be much shorter lifespan as then it’s an access token. I believe it has a default lifetime of 60 minutes, but not totally sure.

Please rate all useful posts