Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Centralised IM and Presence

Reece
Level 1
Level 1

‎06-06-2018 05:20 PM - edited ‎03-19-2019 01:23 PM

We have installed a Centralised CM and IM&P cluster, but have hit a wall with Jabber sign in.

 

For service discovery, our UDS SRV record points to our SME for the Home cluster.

Our SME cluster is the Hub of our ILS network, with all leaf clusters, including the Centralised CM and IM&P cluster are Spoke clusters. 

 

We have SSO configured throughout all clusters, using FQDN multi-SAN single agreement SAML trusts, with OAuth Refresh Logins enabled for each cluster.

 

Some errors we receive in Jabber log and SSO log on IM&P:

Jabber:

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - Entry

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - ****************************************************************

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::Outage::onServerDisconnection] - ****************ATTENTION********************

2018-05-16 16:34:53,855 INFO [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - OnLoginError: LERR_CUP_SSOTOKEN_INVALID <28>:

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - ****************************************************************

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::LoginEventListenerImpl::OnLoginCredentialInvalid] - Login Credential Invalid

 

SSO log:

2018-05-16 16:34:53,389 INFO [http-bio-443-exec-19] servlet.OauthServlet - doPost :: POST request for servletPath:/token/validate
2018-05-16 16:34:53,389 INFO [http-bio-443-exec-19] handlers.ValidateTokenHandler - processRequest
2018-05-16 16:34:53,390 ERROR [http-bio-443-exec-19] token.TokenV2Manager - JWS Token header error or signing key mismatch: {"alg":"RS256","typ":"JWT","kid":"..."}

 

We had a case open with TAC, but couldn't be resolved and case was closed. This is set up in a lab environment so couldn't escalate to developers.

 

Anyone else working on this?

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/configAdminGuide/12_0_1/cup0_b_config-admin-guide-imp-1201/cup0_b_config-admin-guide-imp-1201_chapter_011000.html

 

 

 

 

2 people had this problem
0 Helpful
Who Me Too'd this topic