Re: Jabber SSO AD password expiry results in another login

richardpierce · ‎05-04-2022

Hi, we've implemented Jabber for Windows SSO using ADFS. The customer hoped that the users would not have to re-login to Jabber when their AD password was reset. They expected that the Jabber client configured for SSO would automatically use the windows credentials entered during PC login and not need the password to be added in Jabber also. Is this possible are we missing something in the setup? If not what is the advantage of SSO for Jabber?

Roger Kallberg · ‎05-04-2022

Sounds like you're missing something in the setup in your specific system landscape. With a proper setup SSO integration you should not be needing to enter any information in Jabber when you start the application on your computer, not even the user name information. It should just load and let you into the app UI without any interaction.

richardpierce · ‎05-05-2022

Thank you for the response. Have you seen this working? Even after AD password expiry and change?

Roger Kallberg · ‎05-05-2022

Yes. We where until recently using Jabber as our IM and calling client and it worked as I described earlier. Now we’re migrated fully to the Webex application and use the calling services from CUCM. It also works seamlessly with password changes.

Adam Pawlowski · ‎05-06-2022

I believe you need to support Kerberos authentication from a joined/authenticated machine for it to be seemless, otherwise the best you get is using UPN discovery.