cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1322
Views
20
Helpful
15
Replies
Highlighted

sso. cucm. expressway

Hi all.

I have cucm and expressway installed for mra. All work fine. I want to enable sso just on cucm and don't want enable it on expressway. Is it supported configuration or i need enable sso on cucm ande expressway at the same time ?

15 REPLIES 15
Highlighted
VIP Mentor

SSO is enabled cluster wide

SSO is enabled cluster wide on CUCM. You can't enable or disable it on expressway. Once your cluster is enabled for SSO, jabber will automatically discover it through expressway. 

Please rate all useful posts
Highlighted

I can enable and disable sso

I can enable and disable sso on expressway. See documentation for that product http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-5.pdf

Highlighted
VIP Mentor

Oh wao. I didn't even know

Deleted

Please rate all useful posts
Highlighted
Enthusiast

Hi Ayodeji

Hi Ayodeji

If SSO is enable on CUCM but not enable on expressway, users still be able to log in over Expressway MRA?

Highlighted
VIP Mentor

Yes definitely, SSO just wont

Yes definitely, SSO just wont be available and jabber will default to normal sign in.

Please rate all useful posts
Highlighted

HI Ayodeji.

HI Ayodeji.

How users will be able to login over MRA if they will not be ablle to acces to IdP server ?

Highlighted
Enthusiast

They will not

They will not

Highlighted

How about the other way

How about the other way around?

Can we enable SSO on Exp without enabling it on CUCM?

Thanks

Pasha.

Highlighted
VIP Mentor

Pasha,

Pasha,

No you need to enable SSO on both CUCM and expressway-c/e for SSO to work over MRA. This is because once the client has been asserted at the edge by the expresway, CUCM still needs to verify from IdP server that the client is authroized for the request.

Please refer here for more details

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-5-1.pdf

Please rate all useful posts

Thanks Deji,

Thanks Deji,

I read the doc, i did notice it said IdP & CUCM should exchange SAML metadata, it just didn't explicitly say SSO should be active on CUCM. I understand it was implicit, i was just hoping that someone had different experience :)

Thanks again.

Highlighted
Enthusiast

Test it. If SSO is enable on

Test it. If SSO is enable on the CUCM cluster,it  needs to be enable on MRA or user will not be able to log on.and will get message SSO access denied.

Highlighted
VIP Mentor

Yes, this is correct. SSO

Yes, this is correct. SSO needs to be enabled on all infrastructure for Jabber to work

Please rate all useful posts
Highlighted
Enthusiast

Looks like my testing

Looks like my testing procedure was not really good after all :)

 

YES, it is possible to have SSO enable on CUCM/Unity and not-SSO enable on Express. Then your initial comment was right!.

Highlighted
VIP Mentor

Thank you for the update. I

Thank you for the update. I have learnt a lot from interacting with you, so thank you

Please rate all useful posts
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here