Does anyone know how Jabber clients pick the SSO server for SSO logins? We recently added 2 news subscribers to our cluster, but they are not in any CM groups at this time as we prepare to move phones to those new groups.
We started to get reports today that SSO was failing on Jabber for Windows and found that the authentication was being attempted on one of the new subscribers. We fixed immediately by updating the SAML server with the new subs metadata.
What I want to know is what process does Jabber use to pick a CUCM server to authenticate against. If there are 5 available servers and one of them fails, why would it not pick another one? Does the Jabber client chose the server that is closest to the client?!
Sorry, I have been out of the office. Thanks for the diagram, I understand that flow. The issue is this, one of our servers in the cluster did not have SSO enabled (it was a new build) and login was being denied. What I don't understand is why wouldn't the client use another server in the cluster?
Once I updated the metadata on the new CUCM node, everything was fine. So I was asking in the event that we had an issue with a SUB, SSO could potentially break users signing into Jabber since the client doesn't seem to try another node in the cluster.