Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1761
Views
2
Helpful
3
Replies

Azure IdP SSO for Unity Connection 403 error

Go to solution
tato386
Level 6
Level 6

‎09-08-2023 06:19 AM

Hello,

I have the SAML SSO test completing successfully from the CUC admin console but when I try to login with SSO I get:

Message: Access to the requested resource has been denied
Description: http.403

research tells me that this is most likely a user attribute mapping error but not sure how to proceed.  I used a doc from Cisco and also tried one from Microsoft (Microsoft had newer date) that use different attributes and claims but both give the 403 error.

I I test from Azure I get: 

https://cuc.mydomain.com/ssosp/error?id=1000000

error while processing SAML response

TIA,

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tato386
Level 6
Level 6
In response to Roger Kallberg

‎09-09-2023 01:24 PM

I used these two links:

Azure Active Directory SSO integration with Cisco Unity Connection - Microsoft Entra | Microsoft Learn

SAML SSO Microsoft Azure Identity Provider - Cisco

These docs specify different attributes for the uid but neither worked for me.  I noticed uid in my CUC was UPN and this is because my Webex Connected UC directory sync is sending email address to CUC LDAP.

When I realized this, I changed uid claim to  user.userprincipalname and it started working (in my env email address also is same as UPN).  The Azure SAML troubleshooter was very helpful showing SAML responses from CUC.

Thank you

View solution in original post

3 Replies 3

Go to solution
Roger Kallberg
VIP
VIP

‎09-08-2023 09:22 AM

If you could share the claim setup in the IdP and the documentation that you referenced it would help us help you.



Response Signature


Go to solution
tato386
Level 6
Level 6
In response to Roger Kallberg

‎09-09-2023 01:24 PM

I used these two links:

Azure Active Directory SSO integration with Cisco Unity Connection - Microsoft Entra | Microsoft Learn

SAML SSO Microsoft Azure Identity Provider - Cisco

These docs specify different attributes for the uid but neither worked for me.  I noticed uid in my CUC was UPN and this is because my Webex Connected UC directory sync is sending email address to CUC LDAP.

When I realized this, I changed uid claim to  user.userprincipalname and it started working (in my env email address also is same as UPN).  The Azure SAML troubleshooter was very helpful showing SAML responses from CUC.

Thank you

Go to solution
Roger Kallberg
VIP
VIP
In response to tato386

‎09-09-2023 11:51 PM - edited ‎09-10-2023 12:41 AM

Great that you got it to work and thanks for sharing what you did to resolve your issue. That’s very helpful for others.



Response Signature


0 Helpful
Top