Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4076
Views
0
Helpful
4
Replies

Webex Meeting SSO - Invalid SAML Assertion (desktop client only)

duncan.fraser1
Level 1
Level 1

‎03-06-2019 05:22 PM

We've just cutover a test Webex site (sabreglbl.webx.com) to SSO, using Azure as iDP.

 

Testing SSO, we can login fine to sabreglbl.webex.com from any browsers (IE, Chrome, Edge) fine. When I change the site address on my Webex Meetings client and attempt to login it throws back:

User Authentication Failed
Reason:  Invalid SAML Assertion
 6B76C6012AED443D9D49EA8B7F4394B8_1551920118875

 

Seems bizarre the authentication is working via browser, but not desktop client.

Any ideas?

 

thx

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Ratheesh Kumar
VIP Alumni
VIP Alumni

‎03-06-2019 07:26 PM

Hi there 

Just curios to know if you are running with 33.3 version of Desktop App

 

Issues with logging in to Cisco Webex Meetings Desktop App.
CSCvk65570
 
Description
Symptom:
SSO Enabled accounts are unable to authenticate the Meetings App after installing 33.3.

Conditions:
SSO Enabled Accounts running Webex Meetings App 33.3.

Workaround:
Contact support for a hot fix DLL package to replace existing DLL in 33.3.
 
 

Hope this Helps

Cheers
Rath!
***Please rate helpful posts***

0 Helpful

duncan.fraser1
Level 1
Level 1
In response to Ratheesh Kumar

‎03-14-2019 09:32 AM

Yes running v33.6 and v33.9 clients.

 

Found the issue. IDP was sending both “urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport” for users connecting outside office and “urn:oasis:names:tc:SAML:2.0:ac:classes:password” while in the office network. We only had the "password" string for internal office users. Added the first mentioned string above all working.

0 Helpful

WalterP738809
Level 1
Level 1
In response to duncan.fraser1

‎11-28-2019 07:34 AM - edited ‎11-28-2019 07:38 AM

Hi,

 

I have the same problem.

With "urn:oasis:names:tc:SAML:2.0:ac:classes:Password", SSO works in the browser. However, in the client I get "Invalid SAML Assertion (13)"

 

Unfortunately, using "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" does not fix the issue for me.

In fact, that breaks SSO in the browser as well (now also Invalid Assertion).

I tried all possible combination of AuthnContextClassRef, including those mentioned by both the Microsoft and Webex tutorials:

- urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

- urn:oasis:names:tc:SAML:2.0:ac:classes:X509

- urn:federation:authentication:windows

 

Only:

- urn:oasis:names:tc:SAML:2.0:ac:classes:Password

Works (but only in the browser).


We are not use AD FS, just Azure AD.

We are using MFA with Azure AD.

Meetings Client: 39.10.3.8

 

Any idea?

Thanks

0 Helpful

Amin.Ali
Level 1
Level 1

‎07-17-2021 04:27 PM

I've recently had the same issue but manged to fix it:

Shift + right click on WebEx meeting icon
Go on "run as different user"
Put in same login credentials that you logged in with
WebEx will open 
Hit sign in 
User should be able to sign in

 

image.png

 

Hopefully this works for you as it worked for me.

0 Helpful
Customers Also Viewed These Support Documents