09-29-2021 03:13 AM
I think I've followed the instructions at https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/216948-configure-saml-sso-on-cisco-unified-comm.html to setup SSO for CUCM & Expressway.
CUCM is working fine - as is Jabber when on-site.
But when I use Jabber remotely, it still uses CUCM authentication.
What am I likely to have missed/be doing wrong?
09-29-2021 04:12 AM
Can you please share your configuration from your MRA C for this?
09-29-2021 05:33 AM - edited 09-29-2021 08:17 AM
09-29-2021 07:55 AM
I think you might have posted the wrong screenshot.
09-29-2021 08:17 AM
Doh! Fixed.
09-29-2021 09:11 AM
Looks correct from what I can tell. What is the log in C saying? Can you also could verify that the Enterprise Parameters for SSO is set per recommendation.
10-01-2021 06:28 AM
I opened a support case. It seems we were hitting BugID CSCux56434. (SAML Response has more than one signing certificate and Expressway can't cope with it)
The workaround section is "minimal" to say the least: Either remove the excess certs from the IdP and then re-import the metadata, or manually edit the metadata file to remove reference to the other certificates (and re-import).
We're using ADFS, so these are the basic steps we did:
Once we did this users started being able to login. Some required Jabber to be reset, others required Jabber's cache to be cleared.
It's a shame Cisco haven't fixed this yet - it's quite an old bug and ADFS isn't exactly an unusual IdP for SAML. (CUCM copes with ADFS' SAML metadata file fine)
I hope this helps others.
02-09-2023 04:16 PM
Hi Gord,
After enabled SSO for Jabber on-site. How is login behaviour? Is it just IDP then straight to Jabber menu or have to go to Jabber login again?
tks,
J
02-09-2023 10:11 PM
As your question is off topic to the OP it is recommended that you open your own post to ask your question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide