cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

903
Views
5
Helpful
6
Replies
Explorer

How to use URI (E-mail) authentication from MRA - different domain through Expressway-C

Hi,

I'm not able to log from MRA using my E-mail address. How to resolve it?

My account is iantra123@domain.local  (it is my domain in local, not resolved on internet)

My email(URI) address is Antra.Antra@internetresolvabledomain.com

If I'm login from internet using my Active Directory ID combined with my external domain internetresolvabledomain.com, i.e iantra123@internetresolvabledomain.com, then it succeed.

But if I'm using my e-mail address, it cannot be authenticated because the Expressway remove the domain, then ask the CUCM about the authentication.

Question: How can I tell the Expressway-C that this domain is an e-mail (URI) address of my account iantra123?

And tell the Expressway-C to not remove this domain for the authentication?

Regards,

Antra

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Cisco Employee

Correct, over MRA, when it

Correct, over MRA, when it uses UDS to find the user in your CUCM, it will only work if you use the JID, if you use email, it will return a not found message, you can see that in the EXP-C logs.

HTH

java

if this helps, please rate
6 REPLIES 6
Hall of Fame Cisco Employee

Not sure I'm following how

Not sure I'm following how you have this configured, but not being able to login with your email (unless that is exactly the same as your JID) is the expected behavior, you can login internally using your JID or email (the email will automatically be mapped to your JID), but from the outside, you can only use your JID.

If your email and your JID are NOT the same, that is expected not to work.

HTH

java

if this helps, please rate
Explorer

Hi,

Hi,

If I understand, the expressway cannot do the automatic mapping of e-mail to the JID, like Jabber do. Right or not?

Jabber get the e-mail from the first login field, then it search the domain, then search correct owner of the e-mail toward the CUCM (or the IMP ?)

regards,

Antra

Hall of Fame Cisco Employee

Correct, over MRA, when it

Correct, over MRA, when it uses UDS to find the user in your CUCM, it will only work if you use the JID, if you use email, it will return a not found message, you can see that in the EXP-C logs.

HTH

java

if this helps, please rate
Explorer

Thank you very much.

Thank you very much.

I suggest Expressway team to add this feature on their future version. :-)

I paste here the link about the MRA call flow that I've found in this forum a

https://supportforums.cisco.com/sites/default/files/jabber-mra-call_flow-detailed.pdf

Thanks again

Antra

Highlighted
Beginner

Re: Thank you very much.

Hi,

only a question about this: would it works with Expressway 8.10 and CUCM 12.1 to login with the email address from outside?

 

We use UDS at this time and will probably habe some change in the next future e.g. change domains: I'm wondering if it make sense to use the same domain inside and outside the company (split DNS), maybe would be the best user experience for the Jabber user, in particular at the forst login.

 

But I would not like to change from UDS to EDI...if possible.

Thanks,

Mirko

 

Beginner

Re: How to use URI (E-mail) authentication from MRA - different domain through Expressway-C

Hi,

 

I've been struggling with this kind of deployment too for long time... I always wanted to be able to login with the mail whether I'm inside or outside of the corporate network, I think it's much more intuitive and seamless for end users!

 

But the problem is the following: Expressway Core will send the request to UCM to authenticate the user and it seems UCM only tries to make your login match with the userID field. So in the Core logs, you will see those logs:

 

User="('username', 'xxxxxxxx')" Reason="Unable to determine home CUCM" Reason="No home cluster found for user" UTCTime="2019-02-05 08:29:21,186"

 

The only way to be able to make it work is:

- either be lucky and have a match between the sAMAccountname and the user portion of your mail ^^ (which is rarely the case)

- or map the cisco userID field to the mail address for the dirsync.

 

I have tested the 2nd solution and it works. But using the mail address as a userID might lead to some side effects. Especially for login into EM (imagine an end user that has to enter his/her mail as an ID...) unless you deploy UCMv12 and use something else as an ID.

 

HTH,

 

 

Rémi

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards