
LDAP users are unable to login to jabber using SSO.

Yenosh
Level 1

We have newly configured an Expressway C and E for Jabber login. But LDAP users are unable to login to Jabber using SSO.

When we try to login LDAP user internally using SSO getting: Password/Username incorrect.
When we try to login LDAP user over MRA using SSO getting: Cannot open page. Try again later.
LDAP users are able to login to cucm with SSO.
Local users are able to login and use jabber internally and over MRA.

We don't have IMP nodes in my infrastructure.


Any help would be really appreciated.


b.winter
VIP

When we try to login LDAP user internally using SSO getting: Password/Username incorrect. --> Have you checked the PRT of Jabber? You can also upload it here https://cway.cisco.com/csa/ and let it analyze the PRT.

When we try to login LDAP user over MRA using SSO getting: Cannot open page. Try again later.
--> If SSO doesn't work internally, I doubt it won't work via MRA too. Do you have in mind, that Jabber needs to reach the IDP directly? The communication between Jabber and IDP is not going through Expressway, Jabber needs to be able to communicate with the IDP directly.

Local users are able to login and use jabber internally and over MRA. --> How is it possible to be able to login with local users? If SSO is enabled, every authentication is done via SSO, which in principle makes local users meaningless...

Which guide have you followed to configure the IDP? There are good configuration guides on how to configure the IDP for use with CUCM.

I have followed this guide to enable IDP and SSO on Expressway C:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-7/exwy_b_mra-deployment/exwy_m_basic-configuration.html#task_A458A57F311E876761D31B48B30F5AD5

The user is able to login to CUCM using the same LDAP credentials, but when trying to login to Jabber using the same credentials he is getting a password error.

It is a multi-domain environment:

External: test1.example.com

Internal: test1.local.com

Any help to fix this issue would be a great help.


Hi,
you should probably take it step by step. If Jabber cannot login with LDAP credentials, then I wouldn't expect that SSO is working internally / externally.

So, I would check the following and only go to the next step, if the current step is OK.
E.g. it doesn't make any sense, to test MRA login, if the internal login isn't working.

SSO is disabled.
1. Can the user login with LDAP credentials to CUCM (e.g. self-service portal)
2. Can the user login with LDAP credentials in Jabber internally.
3. Can the user login with LDAP credentials in Jabber externally via MRA.

If all these steps work, then activate SSO and do the same steps again:
SSO is enabled.
1. Can the user login via SSO to CUCM (e.g. self-service portal)
2. Can the user login via SSO in Jabber internally.
3. Can the user login via SSO in Jabber externally via MRA.

I will check and update you

Hi @b.winter

I have disabled SSO - able to login to CUCM but not able to login to Jabber, getting username/password error.

Then you need to generate a Problem Report in Jabber and check it.
You can also upload it here and let it analyze: https://cway.cisco.com/csa/

But currently I don't have a solution, other than asking if you have configured everything correctly (CSF device, assigned device in the end user page, end user has the correct access control groups assigned, configured the UC services, assigned the UC services to a service profile, assigned the service profile to a user).

You also have IM&P? If yes, check if you have any errors there.

Yenosh
Level 1

We have opened a case with TAC. TAC identified that Expressway-C is looking for the UID field, which is not set properly in Okta. After configuring the UID in the Okta application, users were able to login successfully.
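
The resolution above, a UID attribute missing from what the IdP sends, can be checked directly on a decoded SAML assertion. The following is an added example and not part of the original thread or of any Cisco or Okta tooling; the attribute name `uid`, the user ID `jdoe` and both sample assertions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertions (not captured from the thread's deployment).
ASSERTION_WITHOUT_UID = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@test1.example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@test1.example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

ASSERTION_WITH_UID = ASSERTION_WITHOUT_UID.replace(
    "<saml:AttributeStatement>",
    '<saml:AttributeStatement>\n    <saml:Attribute Name="uid">'
    "<saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>",
)

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from a decoded SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs

def check_uid(xml_text, expected_userid, attr_name="uid"):
    """Explain whether the assertion carries a usable user-ID attribute.

    attr_name defaults to "uid" as an assumption; use the name your
    service provider is configured to read.
    """
    attrs = assertion_attributes(xml_text)
    if attr_name not in attrs:
        # Names are compared exactly here; report near misses such as "UID".
        near = [n for n in attrs if n.lower() == attr_name.lower()]
        return f"missing {attr_name!r}" + (f" (found {near[0]!r})" if near else "")
    values = [v for v in attrs[attr_name] if v]
    if not values:
        return f"{attr_name!r} present but empty"
    if expected_userid not in values:
        return f"{attr_name!r} is {values!r}, expected {expected_userid!r}"
    return "ok"
```

Run `check_uid` on an assertion taken from your own test login (for example from a browser SAML tracer) with the user ID as it appears in CUCM.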

Glad that you managed to get this sorted. However I thought you said that you disabled SSO? If so how can Okta be a part of the authentication flow from the Expressway(s)?





I had disabled SSO just for testing; after that I enabled it again.