
CUCM 11.5 issue enabling SSO

ruudvanstrijp
Level 4

Hi,

In my lab I have recently enabled SSO for UCCX, based on ADFS running within my lab. This all works flawlessly, so I am now trying to also enable SSO on CUCM 11.5 SU2. Here I am running into an issue where running the SSO Test fails.

I can properly do the following steps:
- Verify Tomcat Certificates (Multiserver, SHA256, signed by internal CA, in the domain where the ADFS runs as well)
- Download Trust Metadata from ADFS
- Import CUCM Metadata into ADFS

However, when I try to do the SSO test, I get a popup with a certificate error. This seems to happen because the popup doesn't go to the CUCM's FQDN, but only to its hostname (see attachment error.png). So instead of going to uc-pod5-cucm01.pod5.local (FQDN), it is only opening uc-pod5-cucm01, which of course isn't in the certificate, so this fails. If I click continue anyway, I get an "Invalid Status code in Response" error from ADFS (error2.png). I assume this is because CUCM comes in via its hostname instead of FQDN.

CUCM is set up with FQDNs in System -> Server, for the Pub, Sub and IM&P server. Things like Jabber etc. are working fine, so the FQDN configuration doesn't seem faulty.

Any clue why I might experience this problem?

Regards,

Ruud van Strijp

9 Replies

Cyril Albert
Level 1

Hi,

I have the same issue running the same version.

Did you fix your problem?

Thanks,

Cyril

Run SSO Test from SAML Sign-On Configuration uses hostname instead of FQDN
CSCvc50077

Hi,

Log in to your ADFS server and open PowerShell (Run as administrator). Run the following command.

Get-ADFSRelyingPartyTrust -Name "XXXXXXX" | Set-ADFSRelyingPartyTrust -NotBeforeSkew 2

XXXXXXX = Display Name of your Relying Party Trust (for example: CUCM-Pub)

Did you get a fix for this?

Best Regards

Anyone find a fix for this on 11.5?

mattesch
Level 1

Did anyone find a fix for this on 11.5?

I've exactly the same issue. Did anybody figure out a way to correct this?

Thanks!

mHadi
Level 1

Hi dear @ruudvanstrijp,

I had this problem too, with CUCM 11.5.

The fix is: you must browse CUCM with the IP address, not the FQDN.

Open a browser, enter the IP address of CUCM, log in, then go to the SAML-SSO menu and run the SSO test.

(HTH)

(If this helps, please rate.)

Mohammadreza Hadi

Hi,

I am having the same issue enabling SSO on CUCM 12.5 with ADFS-Windows2016. Tried multiple options in setting the Claim rules and Name ID but no luck.

Does anybody have a solution for this issue? Thanks