cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3492
Views
5
Helpful
10
Replies

SSO with Hybrid Cloud-Based Deployments

t.svatek
Level 3
Level 3

Hi

I´m wondering, how SSO works with Hybrid Cloud-Based Deployments.

I want to use Jabber for Windows with WebEx Connect and Unified Communications integration with Cisco WebEx.

Questions:

  1. How can I configure Jabber for Windows to use SSO with WebEx Connect after Client-Installation?
  2. I´ve read, that SSO username with WebEx Connect will be sAMAccountName@domain.com. Correct?
  3. I´ve read, that I have to create a jabber-config.xml with a follows to enforce Jabber for Windows to use the Webex-Connect login credentials also for Phone Services. Correct?
  4. <CUCM>     <PhoneService_UseCredentialsFrom>presence</PhoneService_UseCredentialsFrom>   </CUCM>
  5. If this is correct, Jabber for Windows will use sAMAccountName@domain.com to authenticate with CUCM, but CUCM would need only the username without the domain. From my point of view, Jabber for Windows will not be able to authenticate with CUCM for Phone Services.

Any thoughts?

thank you

Tino

1 Accepted Solution

Accepted Solutions

Muhammad Maqsood Mushtaq
Cisco Employee
Cisco Employee

Hi Tino,

You can use the command line arguments to specify SSO with WebEx presence server. There is no real SSO soloution at the moment for hybrid mode (CUCM, Unity Cxn).  See the answer inline for other questions.

          >> Correct

  • I´ve read, that I have to create a jabber-config.xml with a follows to  enforce Jabber for Windows to use the Webex-Connect login credentials  also for Phone Services. Correct?

          >> No. "PhoneService_UseCredentialsFrom" attribute can only be used in on-prem deployment. Check the Plan for Authentication section of                Jabber for Windows admin guide for more information.

Thanks,

Maqsood

View solution in original post

10 Replies 10

Muhammad Maqsood Mushtaq
Cisco Employee
Cisco Employee

Hi Tino,

You can use the command line arguments to specify SSO with WebEx presence server. There is no real SSO soloution at the moment for hybrid mode (CUCM, Unity Cxn).  See the answer inline for other questions.

          >> Correct

  • I´ve read, that I have to create a jabber-config.xml with a follows to  enforce Jabber for Windows to use the Webex-Connect login credentials  also for Phone Services. Correct?

          >> No. "PhoneService_UseCredentialsFrom" attribute can only be used in on-prem deployment. Check the Plan for Authentication section of                Jabber for Windows admin guide for more information.

Thanks,

Maqsood

Hi Maqsood

Thanks for your info. I´ve tested the "PhoneService_UseCredentialsFrom" attribute in my hybrid deployment and it seems, that it effects the jabber also in this scenario: the credentials form in the jabber options menu are not displayed.

My understanding of the admin guide is, that it should work:

Authentication in Hybrid Cloud-Based Deployments

If the client authentication credentials are the same as the voicemail service credentials on Cisco Unity Connection, you can specify the VoicemailService_UseCredentialsFrom parameter in the Cisco Jabber for Windowsconfiguration file. This parameter uses the client authentication credentials to access voicemail services. As a result, Cisco Jabber for Windows users do not need to enter their credentials for voicemail services in the client.

You should ensure that the sign in credentials and voicemail service credentials are the same for the Cisco Jabber for Windows users. If you set this parameter, the Voicemail section is not available on the Phone accounts tab in the Options window.

thanks,

Tino

Hi Tino,

Do you have telephony capabilities in client? Jabber hides the phone credentials UI once it sees the attribute in config file. What is your username format to login to Webex? As you mentioned in your first post, this should not work due to the format of username for CUCM and WebEx.

According to Credentials Configuration in On-Premises Deployments section, it should not take effect in hybrid cloud-based deployments. Section you mentioned above is for voicemail credentials.

Thanks,

Maqsood

Hi Maqsood

Yes, Jabber hides phone credentials UI. Also in hybrid mode.

Are there any plans to resolve the behaviour to use SSO in hybrid deployments in an upcoming release? Can I do a workaround in the meantime to set the user-credentials for phone services? I want to prevent, that end users have to enter their credentials manually in options menu.

Thanks,

Tino

Hi Tino,

SSO for hybrid mode is a long term roadmap item for Jabber for Windows. Unfortunately there is no workaround for phone credentials in hybrid mode at the moment.

Thanks,

Maqsood

Has there been any recent enhancements regarding the capability to use SSO authentication in hybrid-mode for the phone integration credentials into call manager?

 

Thanks

I see this thread is a little dated, but we are using version 11 and have run into the same problem. Has there been any progress made regarding SSO or transparent login for the phone integration credentials for call manager in a hybrid-mode deployment?

 

We are looking for a solution to this as well.  Currently version 11.  

William,

No, unfortunately we never did find a resolution to this issue. Would be great if we could though so if you do find a solution please replay back to this thread.

I posted this reply over at your other discussion thread at:

https://supportforums.cisco.com/document/100121/how-avoid-jabber-winodws-user-putting-their-phone-service-credentials#comment-11684646

Hope this helps:

To have the Jabber client use your credentials in logging into Phone Accounts, go to User Management -- User Settings -- Service Profile Configuration. 

Under Voicemail Profile, there is a section for "Credentials source for Voicemail service". 

Select "Unified CM - IM & Presence". Save, then restart your client. That should fix it.

This works for Jabber & CUCI-Lync, as far as I know. I've tested it on CUCI Lync 11.6 and Jabber 11.x

Ben