05-07-2020 04:33 PM - edited 05-07-2020 04:35 PM
In my UCCX lab, I am trying to configure SSO.
UCCX: 12.5 &
Windows Server 2012 (AD + DNS + CA + ADFS) all in one box
I followed the steps mentioned in the link below:
Configure the Identity Provider for Cisco Identity Service to enable SSO
When I am trying to execute the last step in the document:
"Enable Signed SAML Assertions for the Relying Party Trust (Cisco Identity Service)"
I am getting the below error message on my Windows AD server.
I tried to search Microsoft-related websites, but I couldn't understand everything listed there.
On my UCCX, when I am trying to test SSO from the IdS side,
I am getting the below:
05-08-2020 07:08 AM
This isn't the solution to your problem, but did you see that 12.5(1)ES1 came out and addresses some SSO changes?
Updated Features: SSO
In SSO mode the access token and refresh tokens are changed to 'httponly' mode cookies for security reasons.
Cisco Finesse REST APIs are enhanced to get the access token and refresh tokens in the response body.
Third-party clients who were relying on the SSO cookie values must change their JavaScript APIs to use the enhanced Finesse REST APIs.
Fetch Access Token API endpoint (https://finesse1.xyz.com/desktop/sso/token) has a new optional parameter return_refresh_token=true|false to get the refresh token in the response body.
Note: When you use the return_refresh_token=true query parameter in Single Sign-On—Fetch Access Token API, access token and refresh token cookies are not added to the response. All information is provided as part of the response body, which can be directly used by the third-party clients.
Use this query parameter when third-party clients use Cisco Finesse SSO APIs alongside Finesse desktop in the same browser. Using this query parameter prevents agent logging out from Finesse desktop due to the override of the desktop cookie due to third-party client activity.
On Refreshing existing access token, use the new optional parameter refreshtoken=<refresh token value> along with the existing token in the query parameter. Note: If the token was initially fetched with the return_refresh_token=true query parameter, then the refresh token in request payload is mandatory.
https://software.cisco.com/download/cart?imageguid=7705121D6B097E71441C8FF0F49B197ED7AFC667
05-15-2020 03:54 PM
07-28-2020 02:55 AM
Hi eslam rizk,
Skip that Step 2 & move to the next step, i.e. Step 3, as the cmdlet is already enabled on Windows 2012 & 2016.