10-02-2013 07:35 PM - edited 03-17-2019 03:36 PM
Hello. I'm currently trying to set up SSO for WebEx and used the documentation provided by Kingsley Lewis. I do get to the point of receiving a login prompt for a user ID and password, but it doesn't seem to authenticate. I'm not sure what I'm missing with this and it's making me crazy!! Does anyone have any possible thoughts? Any help would be greatly appreciated!!
10-11-2013 07:34 AM
I would definitely look at your IIS configs as listed in that document, then at your ADFS environment. If it's internal, you can do a Fiddler trace from your client machine (you will probably need to install the HTTPS proxy on your client to decode SSL traffic) to see what HTTP response headers you are getting back during that loop. That, combined with the Failed Request Tracing in IIS (good tutorial here: http://www.iis.net/learn/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules), should narrow down exactly where in your ADFS environment your authentication attempts are failing.
Casey Bleeker | Unified Collaboration Administrator | Colorado Community College System
T: 720.858.2824 | M: 303.330.8467 | F: 720.858.3126
11-06-2013 06:59 AM
Hi Everyone!
I did make some solid progress with SSO and was able to get it working. It took some unique configurations here and there, but I was able to get it going with all browsers. Now I'm working to have a proper certificate in place so that users are prompted with warning pages when trying to log in. In this case I got a Digicert certificate and have uploaded that to my server.
On the WebEx end though, does that Certificate need to get uploaded to the WebEx site??
Thanks!
11-06-2013 07:02 AM
Raymond,
That cert is just going to go on your SSO provider. You do have to do a certificate exchange with WebEx so they trust your SSO provider. I believe it's under the site certificate manager in WebEx admin.
Casey Bleeker | Unified Collaboration Administrator | Colorado Community College System
T: 720.858.2824 | M: 303.330.8467 | F: 720.858.3126
11-06-2013 08:44 AM
Hi James,
Would the Digicert certificate be added here though? So in instructions I've seen, the self-signed certificate from the server gets added here. But I would assume if you decided to use a cert from a 3rd party like Digicert, that would get replaced?
Thanks,
Ray
11-06-2013 09:03 AM
Correct – whatever cert is installed on the SSO server (self-signed, signed by your domain CA, or 3rd party) will need to be exchanged with the WebEx environment in the cert manager. I would definitely recommend at a minimum a cert signed by your domain CA root authority, or a 3rd party, so that your clients won't get prompted to accept the cert.
11-06-2013 09:08 AM
Ok great, that makes sense. Now, how about in ADFS 2.0 in the certificate store? Do changes need to be made there? I noticed even when I added the cert to WebEx, I'm still getting a certificate prompt.
Also just to add, my servername is "XYZ.Domain.Local" and my certificate is actually signed to "SSO.Domain" and we've set up a DNS record to point from that SSO address to the server's public IP address.
So would changes need to be made for this? I'm assuming somewhere with the Issuer for SAML? Which is typically.