Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1205
Views
0
Helpful
3
Replies

Error when enabling SSO with UCCX 12.5

eslam rizk
Level 4
Level 4

‎05-07-2020 04:33 PM - edited ‎05-07-2020 04:35 PM

In My UCCX Lab , and I am trying to Configure SSO 

UCCX : 12.5 &

Windows Server 2012 (AD+ DNS + CA + ADFS) all in one Box

I followed steps mentioned in bellow Link 

Configure the Identity Provider for Cisco Identity Service to enable SSO

when i am trying to execute last step in the document : 

"Enable Signed SAML Assertions for the Relying Party Trust (Cisco Identity Service)"

I am getting below error message on my Windows AD Server 

2020-05-08_012513.png

I tried to search in Microsoft related websites , but i couldn't understand everything listed there 

on My UCCX , when I am trying to test SSO from Ids Side 

getting below : 

2020-05-08_013001.png

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Anthony Holloway
Cisco Employee
Cisco Employee

‎05-08-2020 07:08 AM

This isn't the solution to your problem, but did you see that 12.5(1)ES1 came out and addresses some SSO changes?

 

Updated Features

SSO
In SSO mode the access token and refresh tokens are changed to 'httponly' mode cookies for security reasons.

Cisco Finesse REST APIs are enhanced to get the access token and refresh tokens in the response body.

Third-party clients who were relying on the SSO cookie values must change their JavaScript APIs to use the enhanced Finesse REST APIs.

Fetch Access Token API endpoint (https://finesse1.xyz.com/desktop/sso/token) has a new optional parameter return_refresh_token=true|false to get the refresh token in the response body.

Note: When you use the return_refresh_token=truequery parameter in Single Sign-On—Fetch Access Token API, access token and refresh token cookies are not added to the response.

All information is provided as part of the response body, which can be directly used by the third-party clients.

Use this query parameter when third-party clients use Cisco Finesse SSO APIs alongside Finesse desktop in the same browser. Using this query parameter prevents agent logging out from Finesse desktop due to the override of the desktop cookie due to third-party client activity.

On Refreshing existing access token, use the new optional parameter refreshtoken=<refresh token value> along with the existing token in the query parameter.

Note: If the token was initially fetched with the return_refresh_token=true query parameter, then the refresh token in request payload is mandatory.

https://software.cisco.com/download/cart?imageguid=7705121D6B097E71441C8FF0F49B197ED7AFC667

0 Helpful

eslam rizk
Level 4
Level 4
In response to Anthony Holloway

‎05-15-2020 03:54 PM

Hi Anthony,

"Enable Signed SAML Assertions for the Relying Party Trust (Cisco Identity Service)"
was the last step in SSO Configuration and i couldn't execute it on Windows AD Server ,
and faced mentioned error message in Windows Powershell
0 Helpful

Chetan Phadatare
Level 1
Level 1
In response to eslam rizk

‎07-28-2020 02:55 AM

Hi eslam rizk,

Skip that Step 2 & move to next step i.e. Step 3. As CMDlet is already enabled on windows 2012 & 2016.

 

 

0 Helpful
Customers Also Viewed These Support Documents