02-10-2023 10:30 PM
Hi Expert,
Does anyone know what the real difference is between "cluster wide" and "per node" SSO Mode in UCM?
Don't tell me one metadata per cluster/node (I can read that myself on the UCM page).
I am more interested in why we would choose "per node". Is there any specific scenario where people choose this? And what impact are we not aware of when using "per node"?
Thanks,
J
02-16-2023 03:37 AM
It won’t restart Jabber automatically but I recommend advising users that they may need to log out and back in to Jabber. It has not always handled this transition as gracefully as we’d like. Once Tomcat restarts on CUCM-IM&P any HTTP/S requests are going to fail until the client coughs up a SAML cookie (or OAuth token). In a perfect world Jabber would realize what has happened and trigger an SSO login on the spot. It hasn’t reliably in my experience.
02-16-2023 10:25 PM
I also read in a Cisco doc that you cannot use OAuth when using the Webex App (that gets messaging from Webex, but calling from UCM)?
02-16-2023 10:41 PM
@Jes80 Where have you read that? That’s not my experience at all. We use the Webex application, with UCM calling and messaging in the cloud, with refresh token, i.e. an OAuth token, without any issues.
02-16-2023 10:53 PM
In this document:
Deploying OAuth with Cisco Collaboration Solution Release 12.0
Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing)
Last Updated: December 2017
02-17-2023 03:37 AM
I think that is related to something other than the refresh token. Apart from that, it’s six years old and a lot has changed for Webex in that time. In 2017 there was no new Webex application, so likely what is referenced as Webex in that publication is Webex Meetings, and that’s something altogether different.
02-17-2023 05:49 AM
Is it this part of the document that you referenced?
Hybrid deployment with WebEx Messenger
Cisco Jabber can also be run in a hybrid environment where instant message and presence services are provided by the Cisco WebEx Messenger cloud service. Telephony services in this model are provided by Unified CM. In this model OAuth operation is not supported.
If so that’s not related to the Webex application. Webex Messaging is something else that was used with Jabber messaging in the cloud and that service has since been deprecated.
02-17-2023 02:10 PM
Correct, that is the one I refer to. Thanks for clarifying, we used Webex Desktop Meeting.
02-16-2023 06:15 PM
Thanks Roger,
I will set up refresh tokens at the same time as enabling SSO. Is there any impact on other UC applications I need to be aware of when enabling refresh tokens?
Rgds,
J
02-16-2023 10:42 PM - edited 02-16-2023 10:46 PM
No. As these two are mutually exclusive functions I would suggest that you turn on use of refresh token a while before you turn on SSO. In fact I would suggest that you do that as soon as possible as it would not do anything bad, it would actually make the UX for your users a lot better.
02-16-2023 10:51 PM
Thanks, will enable it. Do you see an issue if I enable refresh token and SSO in the same change window?
02-17-2023 03:32 AM - edited 02-17-2023 03:32 AM
Yes. Otherwise I would not have made my previous comment.
02-17-2023 02:12 PM
When you say enable "Refresh Token", do you mean just go to "Enterprise Parameter" and enable it?
02-17-2023 11:03 PM
Yes. In that same section there is another setting that is recommended to be changed for getting a good working solution for any devices with iOS. The default is for these clients to use the embedded web browser and that doesn’t result in a good UX for your users. For a better experience it is recommended to set this to the other option, where it uses Safari as the web browser instead. This is so that the application on the Apple device can access the certificate trust store on the device.
02-21-2023 03:19 PM
Hi Jonathan,
I tried to use per-node IdP, however the wizard menu on Cisco Call Manager 12.5.1 SU7 does not work to upload the next IdP Metadata for Subscriber and IMPs. It is only able to upload IdP metadata for the UCM Publisher.
So when I clicked the "IdP", it just loads and then is gone, and does not give you the option to upload IdP Metadata.