Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2470
Views
10
Helpful
4
Replies

UCCX 11.6 SSO with Azure as IDP

Go to solution
ravi.kumar1
Level 1
Level 1

‎09-18-2021 12:13 AM

i've been testing UCCX 11.6 SSO with Azure as IDP, there is no real document available which gives the steps to perform on Azure side, i found a document for CuCM, which worked with CuCM at the first attempt, i thought to replicate it for UCCX , taking below points under consideration from SRND

 

The following are the expectations from SAML Response:
• The entire SAML response (message and assertion) is signed or only the message is signed but not the
SAML assertion alone is signed.
• SAML Assertion must not be encrypted.
• SAML response must be signed using SHA-128.
• NameIDFormat in SAML response must be urn:oasis:names:tc:SAML:2.0:named-format:transient.
• uid and user_principal attributes should be present in SAML assertion in the AttributeStatement section.
The "uid" attribute value must be the user Id using which users log in to Cisco contact centre applications
that are SSO enabled and the "user_principal" attribute value must be in uid@domain format.

 

My SSO test on UCCX has been successful, then no problem when i enable it from UCCX admin page, also am able to get in to GUI using SSO, CuIC as well, but not on finesse. On cisco finesse i keep getting below error

sso.JPG
below is my SAML signing config from Azure side

saml.JPG
Not sure if it is a bug, while setting up SSO i faced this bug which i found on google for ucce, then i asked TAC to perform the workaround:https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm57749

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ravi.kumar1
Level 1
Level 1

‎09-20-2021 12:12 PM

the issue was of case-sensitivity, as soon as i matched it with Azure, it fixed the issue

View solution in original post

4 Replies 4

Go to solution
ravi.kumar1
Level 1
Level 1

‎09-20-2021 12:12 PM

the issue was of case-sensitivity, as soon as i matched it with Azure, it fixed the issue

Go to solution
zhen.guo957@hotmail.com
Level 1
Level 1

‎11-14-2021 02:18 PM

Hi Ravi,

 

Can you tell what certificate you are using and what kind of the user claim you are using.

I have tried signing response with configuration as per your screenshot, and user claim below

default = user.onpremiseprinciple

uid = user.onpremisesamaccount

user_principle = user.onpremiseprinciple

Still not able to pass the SSO test.

 

Thanks,

0 Helpful

Go to solution
ravi.kumar1
Level 1
Level 1
In response to zhen.guo957@hotmail.com

‎11-15-2021 11:12 PM

Have your claims defined the way mentioned below
 
uid  ->  user.onpremisessamaccountname
user_principal  -> user.userprincipalname
Unique User Identifier  -> user.onpremisessamaccountname
 
Also, if your Azure redirects to ADFS for authentication and between them there is WS-fed defined, SSO won't work on 11.6
 
let me know if you have such a setup, i cna help you isolate the problem, if you don't above attributes and claims would be enough to make SSO test successful.
0 Helpful

Go to solution
zhen.guo957@hotmail.com
Level 1
Level 1
In response to ravi.kumar1

‎11-16-2021 01:02 AM

Thanks Ravi,

 

I will try the user claim by your suggestion below:

uid  ->  user.onpremisessamaccountname
user_principal  -> user.userprincipalname
Unique User Identifier  -> user.onpremisessamaccountname
And the Azure is not redirecting to ADFS for authentication.
 
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents