03-23-2017 03:00 AM - edited 03-17-2019 09:53 AM
Hi,
In my lab I have recently enabled SSO for UCCX, based on ADFS running within my lab. This all works flawlessly, so I am now trying to also enable SSO on CUCM 11.5 SU2. Here I am running into an issue where running the SSO Test fails.
I can properly do the following steps:
- Verify Tomcat Certificates (Multiserver, SHA256, signed by internal CA, in the domain where the ADFS runs as well)
- Download Trust Metadata from ADFS
- Import CUCM Metadata into ADFS
However, when I try to do the SSO test, I get a popup with a certificate error. This seems to happen because the popup doesn't go to the CUCM's FQDN, but only to its hostname (see attachment error.png). So instead of going to uc-pod5-cucm01.pod5.local (FQDN), it is only opening uc-pod5-cucm01, which of course isn't in the certificate so this fails. If I click continue anyway, I get an "Invalid Status code in Response" error from ADFS (error2.png). I assume this is because CUCM comes in via its hostname instead of FQDN.
CUCM is set up with FQDNs in System -> Server, for the Pub, Sub and IM&P server. Things like Jabber etc. are working fine, so FQDN configuration doesn't seem faulty.
Any clue why I might experience this problem?
Regards,
Ruud van Strijp
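A check for the mismatch described in the post above, added here as an example and not part of the original thread: it reads the AssertionConsumerService URLs from an exported service-provider metadata file and reports any host that the server certificate's SAN list does not cover. The metadata, the URL paths and the second SAN entry are constructed sample values; only the FQDN and short hostname come from the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: SP metadata in which one endpoint uses the short
# hostname and one uses the FQDN named in the post.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="uc-pod5-cucm01.pod5.local">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://uc-pod5-cucm01:8443/ssosp/saml/SSO/alias/uc-pod5-cucm01"/>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://uc-pod5-cucm01.pod5.local:8443/ssosp/saml/SSO/alias/uc-pod5-cucm01.pod5.local"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed SAN list for a multi-server certificate (second name is hypothetical).
SAMPLE_SANS = ["uc-pod5-cucm01.pod5.local", "uc-pod5-cucm02.pod5.local"]

def san_matches(host, san):
    """Case-insensitive SAN match; a wildcard covers exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def check_acs_hosts(metadata_xml, sans):
    """Return (host, reason, location) for every ACS URL the certificate does not cover."""
    findings = []
    for el in ET.fromstring(metadata_xml).iter(MD_NS + "AssertionConsumerService"):
        location = el.get("Location")
        host = urlsplit(location).hostname if location else None
        if not host:
            findings.append((None, "missing or unparsable Location", location))
        elif not any(san_matches(host, s) for s in sans):
            reason = ("short hostname, no domain part" if "." not in host
                      else "host not in certificate SANs")
            findings.append((host, reason, location))
    return findings

if __name__ == "__main__":
    for host, reason, location in check_acs_hosts(SAMPLE_METADATA, SAMPLE_SANS):
        print(f"{host}: {reason} ({location})")
```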
08-30-2017 05:34 AM
Hi,
I have the same issue running the same version.
Did you fix your problem?
Thanks,
Cyril
08-30-2017 06:16 AM
08-04-2018 03:27 AM
Hi,
Log in to your ADFS server, and open PowerShell (Run as administrator). Run the following command.
Get-ADFSRelyingPartyTrust -Name "XXXXXXX" | Set-ADFSRelyingPartyTrust -NotBeforeSkew 2
XXXXXXX = Display Name of your Relying Party Trust (for example: CUCM-Pub)
09-27-2018 02:06 PM
Did you get a fix for this?
01-23-2019 08:12 PM
Anyone find a fix for this on 11.5?
01-23-2019 08:13 PM
Did anyone find a fix for this on 11.5?
04-11-2019 03:06 AM
I have exactly the same issue. Did anybody figure out a way to correct this?
Thanks!
06-07-2021 12:26 AM - edited 06-07-2021 12:31 AM
Hi dear @ruudvanstrijp,
I had this problem too, with CUCM 11.5.
The fix is: you must browse to CUCM with its IP address, not the FQDN.
Open a browser, enter the IP address of CUCM, log in, then go to the SAML-SSO menu and run the SSO test.
(HTH)
(if this helps, please rate)
07-16-2021 03:51 AM
Hi
I am having the same issue enabling SSO on CUCM 12.5 with ADFS-Windows2016. Tried multiple options in setting the Claim rules and Name ID but no luck.
Does anybody have a solution for this issue? Thanks