01-07-2016 09:45 AM - edited 03-17-2019 05:46 PM
Hello,
Question: if I enable single sign-on on my CUCM cluster, does it mean that I have to use SSO on all endpoints, like Jabber or TSP? We are using CUCM 10.5.
If possible, I would like to start with TSP using SSO and later on also use Jabber.
Regards,
René
01-07-2016 12:50 PM
You'll possibly get the error "Cannot open page. Try again later" with no option to log in from Jabber with CUCM SSO enabled. You can verify this in the Jabber log (Problem report > jabber.log):
.."[LifecycleController::OnSSOSignInRequired] - LifecycleController::OnSSOSignInRequired - Cannot open page. Try again later."
01-08-2016 01:41 AM
Hi Md Hasan,
Is this a "yes" to my question, that whenever SSO is enabled in the cluster, I have to use SSO on all endpoints?
01-09-2016 10:21 AM
Rene,
The answer is NO. Most of your endpoints don't require SSO. It's only Jabber that supports SSO. It also depends on your Jabber version. From the client side, i.e. Jabber, you don't need to do anything for it to support SSO. It's automatically built into the client.
01-11-2016 02:04 AM
Hello,
Sorry, I don't get it. Try to make it simple. I have 2 applications running on my client which have the SSO feature built in. One is Jabber 10.6 and the other is Cisco TSP (TAPI client). I want to use TSP with SSO but I don't want to use Jabber for SSO. Is this still possible after I have enabled SSO on the cluster for TSP?
Regards
Rene
01-11-2016 02:06 AM
That is not possible. Once you enable SSO on your cluster, Jabber will automatically detect it and will attempt to use it.
01-27-2016 10:57 AM
Hello,
This discussion is very relevant to my scenario. The only variation is that I have 2 domains and each domain is a separate forest with AD.
Will SSO work for me? Do I need to change to uid for user synchronization?
Thanks
11-03-2016 10:35 AM
MultiDomain will work with AD-LDS to aggregate multi-forest domains to the CUCM (v10.5+). This will take care of users in CUCM and the address book for Jabber.
SSO will also be redirected to respective Forests for authentication by AD-LDS.
09-19-2019 09:23 PM
Hi Ayodeji, sorry to raise this question after such a long time. I also have questions about JTAPI user SSO, and I hope you can help me!
1. When SSO is enabled for authentication on the cluster, our current understanding is that the JTAPI/TAPI user is also authenticated using SSO and we cannot bypass SSO.
However, we would like to avoid SAML authentication for the JTAPI/TAPI user because it is integrated with an external application.
So is there a way to bypass SSO just for the JTAPI/TAPI user?
2. We have an application server which provides a click-to-call service by integration through CTI, and also a recording server.
Because it uses CTI, we create an end user for the application and link the device to the end user.
This CTI integration currently uses ID/PW authentication, but when we enable SSO, is it correct to say that since SAML and OAuth will be covered by the TSP client provided by CUCM and the JTAPI application side, the application server side doesn't need to care about SSO?
Or does the application server side also need to support the SAML and OAuth protocols? In that case, is there any necessary task, like approving access to the certificate store, etc.?
01-09-2016 03:16 PM
You don't have to "enable" SSO on the client, because the client automatically discovers that CUCM has SSO enabled and Jabber must adhere to that. This means the PC must join the domain and must be able to communicate with the SSO server/ADFS server over HTTPS without any hiccups (Internet Explorer specific settings may be needed). The error I have posted was from a PC that is not domain joined. In the same environment, where a PC is set up properly and domain joined, SSO works OK.
HTH
07-26-2016 04:26 AM
Hi Md Hasan,
I have exactly this issue.
All works fine for Jabber mobile (Android and iPhone) and also for Mac.
Also, this issue happens only when accessing through the Expressway infrastructure; in the corporate LAN, authentication works like a charm!
But with Jabber for Windows (all versions) on Windows 10, with SSO enabled and the ADFS site added to Intranet Sites in Internet Options, when I try to log in I get a Jabber popup that says
"Unable to open https://adfs.externaldomain.it" and is immediately closed.
In Jabber I see the error: Unable to open the Page, Try again later
But SSO authentication works fine if I put the ADFS URL in Trusted Sites in Internet Options. In this case, though, Jabber always asks for the domain username and password and doesn't use the Windows logon credentials. Very annoying.
Any idea?
Many Thanks
Alessandro Bertacco