Solved: WebEX Meeting Server authentication question

danny.yf_li · ‎08-22-2016

Hi all

We configured LDAP integration authentication in WebEx. We want to prevent the brute force attack and minimize the use of domain password from internet, is there any other authentication methods?

If we fallback to use standalone account in WebEx, any password policies like complexity, length and expiry date in WebEx?

Thanks!!

Danny

dpetrovi · ‎08-23-2016

Hi Danny,

If you enabled LDAP authentication and Directory Integration with CWMS (via CUCM), then your profiled users are using LDAP credentials to authenticate to CWMS. It is not possible to disable authentication requirement for active profiled users.

There are two other methods of managing user accounts on CWMS:

1. LDAP integration via SAML 2.0 (Single Sign-On), but that would require you to have IdP provider accessible from the internet, as the authentication would take place on that end. You can read more about it here:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Planning_Guide/cwms_b_cwms-planning-system-requirements-2-7/cwms_b_cwms-planning-system-requirements-2-7_chapter_0111.html

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Administration_Guide/cwms_b_cwms-administration-2-7/cwms_b_cwms-administration-2-7_chapter_01110.html#id_13124

2. Using CWMS local profiles. With local user profiles, user accounts are created either manually or by importing from CUCM (you can still have Directory Integration for importing profiles from CUCM, but requesting users to use locally created passwords on CWMS (don't enable LDAP Authentication)), and the passwords are created manually by end users locally on CWMS. As for password strengthening, you can check this document:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Administration_Guide/cwms_b_cwms-administration-2-7/cwms_b_cwms-administration-2-7_chapter_01110.html#concept_E2AC8672B23C487887A8AFFAE6C1EBDB

I hope this helps.

-Dejan

View solution in original post

dpetrovi · ‎08-23-2016

Hi Danny,

If you enabled LDAP authentication and Directory Integration with CWMS (via CUCM), then your profiled users are using LDAP credentials to authenticate to CWMS. It is not possible to disable authentication requirement for active profiled users.

There are two other methods of managing user accounts on CWMS:

1. LDAP integration via SAML 2.0 (Single Sign-On), but that would require you to have IdP provider accessible from the internet, as the authentication would take place on that end. You can read more about it here:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Planning_Guide/cwms_b_cwms-planning-system-requirements-2-7/cwms_b_cwms-planning-system-requirements-2-7_chapter_0111.html

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Administration_Guide/cwms_b_cwms-administration-2-7/cwms_b_cwms-administration-2-7_chapter_01110.html#id_13124

2. Using CWMS local profiles. With local user profiles, user accounts are created either manually or by importing from CUCM (you can still have Directory Integration for importing profiles from CUCM, but requesting users to use locally created passwords on CWMS (don't enable LDAP Authentication)), and the passwords are created manually by end users locally on CWMS. As for password strengthening, you can check this document:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Administration_Guide/cwms_b_cwms-administration-2-7/cwms_b_cwms-administration-2-7_chapter_01110.html#concept_E2AC8672B23C487887A8AFFAE6C1EBDB

I hope this helps.

-Dejan

danny.yf_li · ‎08-23-2016

Thanks Dejan,

That helps me a lot . Thank you very much.

cheers

danny

dpetrovi · ‎08-23-2016

I am glad to hear that, Danny.

Take care,

-Dejan