Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3832
Views
0
Helpful
12
Replies

Jabber Windows OAuth

Go to solution
test60
Level 1
Level 1

‎10-16-2020 02:19 PM

expert,

 

If we just need to make sure password change on AD reflect to Jabber Desktop/Windows ( reduce the helpdesk call to reset Jabber password) ,we just need to enable Jabber OAuth ?  and no need SSO?

 

Also when we enable "Jabber OAuth" and disable it back, is there any impact to certificate or anything?

 

thanks,

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎10-16-2020 03:18 PM

I don't think you understand what OAuth is, based on what you're asking and how you're phrasing it, suggest you thoroughly review this doc:

https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744

 

And spend some time on google searching resources on OAuth Vs. SSO and then, come back and rephrase your question if needed if you still have doubts after doing some research on OAuth and SSO.

HTH

java

if this helps, please rate

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎10-16-2020 03:18 PM

I don't think you understand what OAuth is, based on what you're asking and how you're phrasing it, suggest you thoroughly review this doc:

https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744

 

And spend some time on google searching resources on OAuth Vs. SSO and then, come back and rephrase your question if needed if you still have doubts after doing some research on OAuth and SSO.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Jaime Valencia

‎10-19-2020 08:24 AM

hi Jamie/Roger.

 

I use  LDAP for Jabber windows, but still every  3 months , when user change Outlook AD password.  Jabber will then ask for update on new password for "Contact Service" and "Phone Services'.

 

I hear Jabber Oauth will fix this issue?  so whatever we change on Outlook AD password, will automatically reflect to Jabber "Phone service".

 

thanks,

0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Jaime Valencia

‎10-19-2020 10:42 AM

Thank you Jaime, i read the doc, it answer my question.   Actually my scenario is to automatically update "Phone service" password, wjoch is done by token per the explanation.  

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to test60

‎10-19-2020 11:45 AM

Without SSO your not going to get much change in user UX. When the OAuth token expires after a password change the user would still need to provide the new password.



Response Signature


0 Helpful

Go to solution
Roger Kallberg
VIP
VIP

‎10-17-2020 01:18 AM

Jabber as such in a CM integration does not have it’s own password. At least if you’re using LDAP directory synchronisation and authentication in CM. Based on your phrasing I assume this is what you have.

As Java wrote you need to do some studies on the topic around OAuth and SSO.



Response Signature


0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Roger Kallberg

‎10-19-2020 08:25 AM

hi Roger,

 

I understand this & used LDAP.  However when you change 3 months password on Outlook AD, Jabber will still ask for new password.

 

Thanks,

0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Roger Kallberg

‎10-19-2020 10:23 AM

Have you done Jabber Oath before?  

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to test60

‎10-19-2020 10:44 AM - edited ‎10-19-2020 11:29 AM

Yes we use SSO with OAuth refresh tokens. What you describe is the expected experience without SSO. If you enable SSO you won’t get the save user credentials in Jabber, this is what is triggering the need to update the credentials after password change in AD.



Response Signature


0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Roger Kallberg

‎10-19-2020 02:41 PM

hi Roger,

 

Thanks.  However in this document from Jaime, https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744.

 

It said , after we enable OAuth ( no need SSO) , then we will not need to update credentials anymore after password change.

 

So just confirm, do we need OAuth + SSO    or just OAuth  for that?

 

Thanks.

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to test60

‎10-19-2020 10:32 PM - edited ‎10-19-2020 10:50 PM

From what I know you would need to provide the credentials initial once OAuth is setup and any time after the password has changed when the OAuth token expires. That is if you don’t also have SSO setup. With SSO this becomes seamless to the user with no need to update any credentials.

I read the document before and now again one more time and I can’t find any mention of the part you reference, aka that it says no need for SSO to not need to update password. Would you mind to point out the specific part where you see that?

Depending upon your setup of SSO and what platform you would use Jabber on the UX for the initial login with SSO might be slightly different.



Response Signature


0 Helpful

Go to solution
test60
Level 1
Level 1
In response to Roger Kallberg

‎10-20-2020 04:52 PM

hi Roger,

 

what can cause token to expired  after initial setup ?  as I dont have SSO.

 

tks

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to test60

‎10-20-2020 10:07 PM

The token has a lifetime. If using refresh tokens it’s by default set to expire after 60 days. If you don’t use refresh tokens it would be much shorter lifespan as then it’s an access token. I believe it has a default lifetime of 60 minutes, but not totally sure.



Response Signature


0 Helpful
Customers Also Viewed These Support Documents