cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17248
Views
0
Helpful
20
Replies

WebEx SSO Setup

Velocity2089
Level 1
Level 1

Hello. I'm currently trying to set up SSO for WebEx and used the documentation provided by Kinglsey Lewis. I do get to the point of receiving a login prompt for a user ID and password, but it doesn't seem to authenticate. I'm not sure what I'm missing with this and it's making me crazy!! Does anyone have any possible thoughts? Any help would be greatly appreciated!!

20 Replies 20

I would definitely look at your IIS configs as listed in that document then for your ADFS environment. If its internal, you can do a Fiddler trace from your client machine, (will probably need to install the HTTPS proxy on your client to decode SSL traffic) to see what HTTP response headers you are getting back during that loop. That, combined with the Failed Request Tracing in ISS (good tutorial here: http://www.iis.net/learn/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules) should narrow down exactly where in your ADFS environment your authentication attempts are failing.

Casey Bleeker | Unified Collaboration Administrator | Colorado Community College System

T: 720.858.2824 | M: 303.330.8467 | F: 720.858.3126

Velocity2089
Level 1
Level 1

Hi Everyone!

I did make some solid progress with SSO and was able to get it working. Took some unique configurations here and there but I was able to get it going with all browsers. Now I'm working to have a proper certificate in place so that users are prompted with warning pages when trying to login. In this case I got a Digicert certificate and have uploaded that to my server.

On the WebEx end though, does that Certificate need to get uploaded to the WebEx site??

Thanks!

Raymond,

That cert is just going to go on your SSO provider. You do have to do a certificate exchange with webex so they trust your SSO provider. I believe its under the site certificate manager in Webex admin.

Casey Bleeker | Unified Collaboration Administrator | Colorado Community College System

T: 720.858.2824 | M: 303.330.8467 | F: 720.858.3126

Velocity2089
Level 1
Level 1

Hi James,

Would the Digicert certificate be added here though? So in instructions I've seen, the self-signed certificate from the server gets added here. But I would assume if you decided to you a cert from a 3rd party like Digicert, that would get replaced?

Thanks,

Ray

Correct – whatever cert is installed on the SSO server (self-signed, signed by your domain CA, or 3rd party) will need to be exchanged with the WebEx environment in the cert manager. I would definitely recommend at a minimum a cert signed by your domain CA root authority, or a 3rd party, so that your clients won't get prompted to accept the cert.

Ok great, that makes sense. Now about about in ADFS 2.0 in the certificate store. Do changes need to be made there? I noticed even when I added the cert to WebEx, I'm still getting a certificate prompt.


Also just to add, my servername is "XYZ.Domain.Local" and my certificate is actually signed to "SSO.Domain" and we've set up a DNS record to point from that SSO address to the servers public IP address.

So would changes need to be made for this? I'm assuming somewhere with the Issuer for SAML? Which is typically.

http://servername/adfs/services/trust