cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

1286
Views
20
Helpful
15
Replies
Highlighted

sso. cucm. expressway

Hi all.

I have cucm and expressway installed for mra. All work fine. I want to enable sso just on cucm and don't want enable it on expressway. Is it supported configuration or i need enable sso on cucm ande expressway at the same time ?

15 REPLIES 15
VIP Mentor

SSO is enabled cluster wide

SSO is enabled cluster wide on CUCM. You can't enable or disable it on expressway. Once your cluster is enabled for SSO, jabber will automatically discover it through expressway. 

Please rate all useful posts

I can enable and disable sso

I can enable and disable sso on expressway. See documentation for that product http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-5.pdf

VIP Mentor

Oh wao. I didn't even know

Deleted

Please rate all useful posts
Enthusiast

Hi Ayodeji

Hi Ayodeji

If SSO is enable on CUCM but not enable on expressway, users still be able to log in over Expressway MRA?

VIP Mentor

Yes definitely, SSO just wont

Yes definitely, SSO just wont be available and jabber will default to normal sign in.

Please rate all useful posts

HI Ayodeji.

HI Ayodeji.

How users will be able to login over MRA if they will not be ablle to acces to IdP server ?

Enthusiast

They will not

They will not

How about the other way

How about the other way around?

Can we enable SSO on Exp without enabling it on CUCM?

Thanks

Pasha.

VIP Mentor

Pasha,

Pasha,

No you need to enable SSO on both CUCM and expressway-c/e for SSO to work over MRA. This is because once the client has been asserted at the edge by the expresway, CUCM still needs to verify from IdP server that the client is authroized for the request.

Please refer here for more details

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-5-1.pdf

Please rate all useful posts

Thanks Deji,

Thanks Deji,

I read the doc, i did notice it said IdP & CUCM should exchange SAML metadata, it just didn't explicitly say SSO should be active on CUCM. I understand it was implicit, i was just hoping that someone had different experience :)

Thanks again.

Enthusiast

Test it. If SSO is enable on

Test it. If SSO is enable on the CUCM cluster,it  needs to be enable on MRA or user will not be able to log on.and will get message SSO access denied.

VIP Mentor

Yes, this is correct. SSO

Yes, this is correct. SSO needs to be enabled on all infrastructure for Jabber to work

Please rate all useful posts
Enthusiast

Looks like my testing

Looks like my testing procedure was not really good after all :)

 

YES, it is possible to have SSO enable on CUCM/Unity and not-SSO enable on Express. Then your initial comment was right!.

VIP Mentor

Thank you for the update. I

Thank you for the update. I have learnt a lot from interacting with you, so thank you

Please rate all useful posts
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here