Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4491
Views
0
Helpful
8
Replies

CUCILync SSO scenario

norbert.putz
Level 1
Level 1

‎07-29-2011 05:10 AM - edited ‎03-19-2019 03:21 AM

Hi all,

we've deployed SSO in our CUCM environment. SSO works fine on the CCMUSER page when logging in with the client's web browser. I followd the Cisco Documentation to configure SSO, in that step all things have also been configured to provide SSO for CUCILync.

When I configure the clients to use SSO, CUCILync is giving me an error message:

"A device initialization error has occurred. An unexpected HTTP response code was receiving by CSF during UDS SSO call flow."

I've created a Problem Report and got the following error in the Core.log:

2011-07-29 13:40:04,477 DEBUG ... - response code is : 200

2011-07-29 13:40:04,477 WARN  ... [HttpMethodBase.getResponseBody(682)] - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.

2011-07-29 13:40:04,478 DEBUG ... [DeviceProviderHttpUtils$CustomMultiThreadedConnectionMgr.releaseConnection(59)] - closing connection

2011-07-29 13:40:04,478 DEBUG ... [SingleSignOnUDSClient.postSecurityCheckToUDS(492)] - posting security form to UDS

2011-07-29 13:40:04,546 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(619)] - number of input fields : 2

2011-07-29 13:40:04,547 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(633)] - adding parameter : j_username

2011-07-29 13:40:04,547 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(633)] - adding parameter : j_password

2011-07-29 13:40:04,548 INFO  ... [DeviceProviderHttpUtils.doHttpRequest(149)] - Setting certification level to '0' (ALL_CERTS)

2011-07-29 13:40:04,549 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(170)] - URL is : https://CUCMSERVER:8443/cucm-uds/user/USERID/j_security_check

2011-07-29 13:40:04,793 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(177)] - response code is : 302

2011-07-29 13:40:04,794 DEBUG ... [DeviceProviderHttpUtils$CustomMultiThreadedConnectionMgr.releaseConnection(59)] - closing connection

2011-07-29 13:40:04,794 DEBUG ... [SingleSignOnUDSClient.doFinalRequestToUDS(532)] - doing final request to UDS

2011-07-29 13:40:04,800 INFO  ... [DeviceProviderHttpUtils.doHttpRequest(149)] - Setting certification level to '0' (ALL_CERTS)

2011-07-29 13:40:04,802 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(170)] - URL is : https://CUCMSERVER:8443/cucm-uds

2011-07-29 13:40:04,821 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(177)] - response code is : 404

2011-07-29 13:40:04,822 WARN  ... [SingleSignOnUDSClient.validateResponseCode(666)] - unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]

2011-07-29 13:40:04,822 ERROR [ws-pool-thread-2] [DeviceAdapter] [DeviceServiceImpl.initialize(435)] - Problem initializing on the Device service. unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]

com.cisco.uc.core.common.exceptions.device.DeviceProviderFailureCoreException: unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]

Any idea whats going wrong? Why I'm getting HTTP 404?

CUCILync: v 8.5.3

CUCM: v 8.5.1.12017-2

Kind regards,

Norbert

1 person had this problem
Labels:
0 Helpful
8 Replies 8

choiwon
Cisco Employee
Cisco Employee

‎07-31-2011 11:53 PM

based on the PRT, you're getting response 404 (NOT found) as the CUCILync is having an issue with the URL: CUCMSERVE:8443/cucm-uds

Can you try browsing to this url on the browser? also have you got the SSO enabled (utils sso status & utils sso enble)

Sent from Cisco Technical Support iPad App

0 Helpful

norbert.putz
Level 1
Level 1
In response to choiwon

‎08-01-2011 01:44 AM

Hi,

when I browse to the url in my browser I'm getting the same thing. "HTTP 404 - The requested resource () ist not available"

SSO status is "Enabled". SSO works fine when I browse to the user page "https://cucmserver:8443/ccmuser"

Norbert

0 Helpful

jefflocktsg
Level 1
Level 1
In response to norbert.putz

‎11-30-2012 11:19 AM

I have this same issue and I can see that if I paste in the entire URL that CUCI-LYNC requires, it does retrieve the right information through OpenAM. For example:

https://cucm.fqdn:8443/cucm-uds/user/username/devices works just fine and sends me an XML page I can view in IE after going through the OPEN SSO. The problem is specifically with the final check back setting the URL as just https://cucm.fqdn:8443/cucm-uds which returns the 404. if I strip out the :8443 section, I just get a resource is forbidden error. Any solution to this?

0 Helpful

tjohannessen
Level 1
Level 1

‎01-17-2013 04:36 AM

I am also facing this.

Anyone found a solution yet?

0 Helpful

tjohannessen
Level 1
Level 1

‎01-23-2013 05:18 AM

Update:

Had to disable and reenable sso on the CM's

Then everything came up!

0 Helpful

Yorick Petey
Level 4
Level 4
In response to tjohannessen

‎04-04-2013 05:14 AM

Hello guys,

I am doing the same kind of configuration with Cucilync 8.6 and CUCM 8.6 + OpenAM 10.0.

The CCMUser/admin SSO is working, I still have problems with the RTMT and I will soon activate it for Cucilync.

But before doing that, I have a functional question for you that run this in production.

In the case that the openAM server is down, or the CUCM cannot reach it, or there is a configuration problem between the OpenAM server and the AD, when cucilync starts and fails to SSO with it, how does the client react? Does the user at least get the normal login panel to enter manually his password?

For RTMT for instance, if it fails, I cannot enter manually the credentials...

Thank you for your feedbacks.

Yorick

0 Helpful

Yorick Petey
Level 4
Level 4

‎04-08-2013 08:59 AM

Today I activated SSO for cucilync (8.6). I have exactly the same problem that Norbert had.

I tried to disable and enable SSO just for cucilync but no success.

When I look into the core.log file, I have exactly the same error.

The first https request asks for a redirect (302) but then when the URL is /cucm-uds/ I get a 404 error.

CUCMUser SSO is working fine, so I think that our OpenAM integration is not the problem.

Norbert, jefflocktsg, any feedback?

Thank you for your help.

Yorick

0 Helpful

Jason Burns
Level 1
Level 1
In response to Yorick Petey

‎10-25-2013 05:58 PM

We encountered this same issue with CUCILync redirecting to cucm-uds and then subsequently getting a 404 error message.

We resolved the problem by configuring the following setting on OpenAM and then restarting Tomcat on the CUCM servers:

J2EE Agent -> CUCM Server Profile (Must be done on EACH server profile!) -> Main Page -> HTTP Session Binding: Disabled

This setting for HTTP Session Binding is enabled by default but with it Enabled CUCILync seems to fail in the exact way above with a 404 error.

After disabling this setting and restarting Tomcat on the CUCM server to refresh the J2EE Agent CUCILync works as expected.

Don't ask me HOW this works or what it does - but it seems to be required.

0 Helpful
Customers Also Viewed These Support Documents