Problems with CUCM SAML SSO

kornev.yuriy · ‎12-07-2015

Good day.

I have some troubles with SAML SSO.

I installed certificates, then I configured ADFS and CUCM to use SSO.

And firstly all worked fine. I could login to CUCM and to Self-care portal with windows credentials. But there was a notifications at SAML SSO configurations page: "The IdP files for the following servers do not match the file on publisher: vcucmsub01, vcucmsub00. Please enable SSO on the respective server(s), then click on the re-import metadata icon to get the server(s) in sync."

A few days later error message had occured: "The following servers had certificate exceptions during attempt to get SSO Status: vcucmpub00, vcuppub00. Please verify the certificates on the Certificate Management page within Cisco Unified OS Administration." But SSO still had been working.

And finaly SSO had stopped operating.

Now, I have to use recover URL to bypass SSO during login to CUCM. And there is a notice and error messages at SAML SSO configuration page:

So, can anybody help me to fix this issue or, at least to troubleshoot it?

Robert.N.Barrett_2 · ‎05-07-2016

Were you ever able to resolve this problem. We are seeing the "do not match" errors today after enabling SAML SSO. We're calling TAC, but just wondered if you were ever able to resolve this...

rohanpatel · ‎05-19-2016

I am also running into same issue... As per TAC I am hitting a bug CSCuq76924.

There is no workaround, just upgrading the servers to next version. Issue is we don't have window to upgrade the servers this year and I have 11 servers to upgrade.

Has anyone found a work around.. Please let me know.

Thanks!!

lior look · ‎07-29-2018

I have experience with this on 11.5(1)SU2, any solution???

ChandanVedavyas · ‎05-05-2023

Even I have the same issue in 14SU2!