09-08-2023 06:19 AM
Hello,
I have the SAML SSO test completing successfully from the CUC admin console but when I try to login with SSO I get:
Message: Access to the requested resource has been denied
Description: http.403
Research tells me that this is most likely a user attribute mapping error but not sure how to proceed. I used a doc from Cisco and also tried one from Microsoft (Microsoft had newer date) that use different attributes and claims but both give the 403 error.
If I test from Azure I get:
https://cuc.mydomain.com/ssosp/error?id=1000000
error while processing SAML response
TIA,
Accepted Solutions
09-09-2023 01:24 PM
I used these two links:
SAML SSO Microsoft Azure Identity Provider - Cisco
These docs specify different attributes for the uid but neither worked for me. I noticed uid in my CUC was UPN and this is because my Webex Connected UC directory sync is sending email address to CUC LDAP.
When I realized this, I changed uid claim to user.userprincipalname and it started working (in my env email address also is same as UPN). The Azure SAML troubleshooter was very helpful showing SAML responses from CUC.
Thank you
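An added example, not part of the original posts or of the Cisco or Microsoft documentation: a diagnostic that decodes a captured SAML response, pulls out the `uid` claim the answer above refers to, and compares it with the user IDs held in the CUC directory. The attribute name `uid` follows the post; the sample response, the user ID set and all function names are constructed for illustration, and the script only inspects the response, it does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def saml_attributes(response_b64):
    """Return {attribute name: [values]} from a base64 SAML response (HTTP-POST binding)."""
    root = ET.fromstring(base64.b64decode(response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_uid(response_b64, directory_user_ids, claim="uid"):
    """Compare the uid claim with the user IDs the service provider holds."""
    values = saml_attributes(response_b64).get(claim)
    if not values:
        # Also the result when the assertion is encrypted and cannot be read here.
        return "missing: no '%s' attribute in the assertion" % claim
    uid = values[0]
    if uid in directory_user_ids:
        return "match: %s" % uid
    folded = {u.lower(): u for u in directory_user_ids}
    if uid.lower() in folded:
        return "case-only difference: %s vs %s" % (uid, folded[uid.lower()])
    return "mismatch: IdP sent %s, not a directory user ID" % uid

def _sample(uid_value):
    # Constructed, unsigned sample response; real ones carry a Signature, Conditions, etc.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:AttributeStatement><saml:Attribute Name="uid">'
        '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>' % uid_value
    )
    return base64.b64encode(xml.encode()).decode()

# Constructed: user IDs as they exist in the directory (UPN-style, as in the post).
CUC_USER_IDS = {"jdoe@example.com"}

if __name__ == "__main__":
    print(check_uid(_sample("jdoe"), CUC_USER_IDS))              # claim mapped to a short name
    print(check_uid(_sample("jdoe@example.com"), CUC_USER_IDS))  # claim mapped to the UPN
```

To use it on a real capture, pass the base64 `SAMLResponse` form value from the browser trace in place of `_sample(...)` and the exported user IDs in place of `CUC_USER_IDS`.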
09-08-2023 09:22 AM
If you could share the claim setup in the IdP and the documentation that you referenced it would help us help you.
09-09-2023 11:51 PM - edited 09-10-2023 12:41 AM
Great that you got it to work and thanks for sharing what you did to resolve your issue. That’s very helpful for others.
