cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2583
Views
0
Helpful
2
Replies

MAC Jabber Clients cannot login using SSO

Matthew S
Level 1
Level 1

I'm having an issue where MAC Jabber clients are receiving a SAML Metadata Not Initialized error and I'm confused as to why. 

 

I have SSO working on the rest of my environment, windows Jabber are fine using SSO but MAC clients seem to be having issues. 

Any help would be appreciated. Thanks.

 

2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - servlet path :null
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - recovery URL :null
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - principal object in request is null
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - Principal not found, sending http redirect to SAML Service Provider
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - No relay url found in session, using current request url
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - Relay url >/ssosp/oauth/authorize?scope=UnifiedCommunications:readwrite&response_type=token&client_id=C41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8<
2018-01-30 10:37:46,680 DEBUG [http-bio-443-exec-20] filter.SSOAuthAgentFilter - Relay url encoded >%2Fssosp%2Foauth%2Fauthorize%3Fscope%3DUnifiedCommunications%3Areadwrite%26response_type%3Dtoken%26client_id%3DC41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8<
2018-01-30 10:37:46,681 INFO  [http-bio-443-exec-20] filter.SSOAuthAgentFilter - Relay url contains /oauth/authorize, forwarding to /saml/login?relayurl=%2Fssosp%2Foauth%2Fauthorize%3Fscope%3DUnifiedCommunications%3Areadwrite%26response_type%3Dtoken%26client_id%3DC41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8
2018-01-30 10:37:46,681 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAML Response is ::null
2018-01-30 10:37:46,681 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAMLAuthenticator:processRequest
2018-01-30 10:37:46,681 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - No need, it's already loaded :ssoconfig.properties
2018-01-30 10:37:46,681 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - Loading the properties file content :ssoconfig.properties
2018-01-30 10:37:46,681 INFO  [http-bio-443-exec-20] api.SAMLSSOManager - from properties file samlPlatformManagerImplClassName: com.cisco.vos.platform.api.manager.SAMLPlatformManager
2018-01-30 10:37:46,682 INFO  [http-bio-443-exec-20] api.SAMLSSOManager - loaded samlPlatformManagerImplClassName: com.cisco.vos.platform.api.manager.SAMLPlatformManager
2018-01-30 10:37:46,682 DEBUG [http-bio-443-exec-20] api.SAMLSSOManager - enter getAcsUrlIndex
2018-01-30 10:37:46,682 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - No need, it's already loaded :ssoconfig.properties
2018-01-30 10:37:46,682 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - Loading the properties file content :ssoconfig.properties
2018-01-30 10:37:46,683 INFO  [http-bio-443-exec-20] app.SSOConfigManager - Operation :getAcsUrlIndex
2018-01-30 10:37:46,683 DEBUG [http-bio-443-exec-20] app.SSOConfigManager - enter getAcsUrlIndex
2018-01-30 10:37:46,683 DEBUG [http-bio-443-exec-20] app.SSOConfigManager - exit getAcsUrlIndex
2018-01-30 10:37:46,683 DEBUG [http-bio-443-exec-20] app.SSOConfigManager - exit executeOperation
2018-01-30 10:37:46,683 INFO  [http-bio-443-exec-20] api.SAMLSSOManager - successfully executed executeCommand for API - getAcsUrlIndex
2018-01-30 10:37:46,683 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Index :0
2018-01-30 10:37:46,684 INFO  [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAMLAuthenticator:validateIDPXMLForExpiredCertificate:Begin
2018-01-30 10:37:46,684 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - No need, it's already loaded :ssoconfig.properties
2018-01-30 10:37:46,684 INFO  [http-bio-443-exec-20] utils.PropertiesFileUtil - Loading the properties file content :ssoconfig.properties
2018-01-30 10:37:46,684 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - IDP xml /usr/local/platform/sso/saml/metadata/idp.xml
2018-01-30 10:37:46,685 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Root element EntityDescriptor
2018-01-30 10:37:46,685 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Number of Certificates 0
2018-01-30 10:37:46,686 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Base 64 Encoded Certificate MIIC2jCCAcKgAwIBAgIQIio6VZphYqhKU7rEzfN2XTANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDEx5BREZTIEVuY3J5cHRpb24gLSBhZGZzLm5zZi5nb3YwHhcNMTcwMzE0MTQ1MDAyWhcNMTgwMzE0MTQ1MDAyWjApMScwJQYDVQQDEx5BREZTIEVuY3J5cHRpb24gLSBhZGZzLm5zZi5nb3YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqdc24SdqAmPA0Z6HEkUMjegbWzoE4XnDVef1cQORAjp+9An0fYGXKXIZjQJ/rgt3IRZVTxEgWbe4km3x1xci9rACNBww4EvOZJkkUoX0QRfeF9Vg5VcgsbmNtpu0lfFBi51Yn9GfZtBdqZLvtHlnc018F9qXN8+jiPh0Bl3k6US69YFtY5kDBhJBh/wMDyVgmgIo9ZxK3375sQGZw1IiD4JLULd1vUuITeqdvIwy4D+uYkKxzTHQaO4jMMuO4jXu+zSJUsGo6oYVZhXXY6sXm/Dl0ceHR9T2Giufz5Xios9SgX3ajASkP/Q7rJvK9/grW6CXB2e0iiQEshdTMGKhXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAF3wif5CmUpUvd6or7AhN0DwYriLsCuoLIiChNrsGLrPxGW68krDvbpVCps3IidG7J8QHe03C3YsYuO6tWUIF0MCqESKviaAxcaUxQyH/dcv27wHP45vmPpiwRc9AbRYLqwlIKHiSlL5ExUGJZOISKsVJItszYDDRKIohsb/LfhlzOBVZMQhpDkbYflsrjJKIOYHOX2Q3cigeYMSkA709gSPBGnlQShIg7wzKcaGA7AzmilhM2Oy7zT1Eqm+rB4g80mO/acGJUH3/wkwA8IDAOdpgBKIeEJCiSBDQ+0n9plljAD0uDLNTdt0sTU4Vtu5Yv82eQijoa2HWZ+tfTA1k6Q=
2018-01-30 10:37:46,686 INFO  [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAMLAuthenticator:validateIDPXML:Begin
2018-01-30 10:37:46,686 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Generating for the Decoded Certificate String..
2018-01-30 10:37:46,686 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Checking the Validity of the Generated Certificate..
2018-01-30 10:37:46,686 INFO  [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAMLAuthenticator:validateIDPXML:End
2018-01-30 10:37:46,686 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Certificate Expiry Status: false
2018-01-30 10:37:46,686 INFO  [http-bio-443-exec-20] authentication.SAMLAuthenticator - SAMLAuthenticator:validateIDPXMLForExpiredCertificate:End
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Determine matches for relayuri
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Match found ::%2Fssosp%2Foauth%2Fauthorize%3Fscope%3DUnifiedCommunications%3Areadwrite%26response_type%3Dtoken%26client_id%3DC41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - encoded relay uri ::%2Fssosp%2Foauth%2Fauthorize%3Fscope%3DUnifiedCommunications%3Areadwrite%26response_type%3Dtoken%26client_id%3DC41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8::
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - decoded relay uri ::/ssosp/oauth/authorize?scope=UnifiedCommunications:readwrite&response_type=token&client_id=C41eb54529dd9907e01d3744ead3a991ba9cc4c772b0497ebe8a103fa69fe81a8::
2018-01-30 10:37:46,687 ERROR [http-bio-443-exec-20] authentication.SAMLAuthenticator - Metadata not initialized
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Error while processing saml request....
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - Error in Metadata..
2018-01-30 10:37:46,687 DEBUG [http-bio-443-exec-20] authentication.SAMLAuthenticator - error url is ::/ssosp/error?id=1000010
2018-01-30 10:37:46,706 INFO  [http-bio-443-exec-20] servlet.ErrorServlet - Dname Cisco Unified Communications Manager
2018-01-30 10:37:46,706 INFO  [http-bio-443-exec-20] servlet.ErrorServlet - SAML Metadata not initialized.Error Message
2 Replies 2

Matthew S
Level 1
Level 1

In case anyone finds this the fix for us was to restart the Tomcat Service on all of our Call Managers. 

 

We had an NTP issue a week ago and our MACs were still pointing to a high Stratum NTP server. Once we restarted the Tomcat Service they were able to login again. 

tomcat restart fixed my SAML SSO issue too.

 

Thanks for this post.