07-29-2011 05:10 AM - edited 03-19-2019 03:21 AM
Hi all,
we've deployed SSO in our CUCM environment. SSO works fine on the CCMUSER page when logging in with the client's web browser. I followd the Cisco Documentation to configure SSO, in that step all things have also been configured to provide SSO for CUCILync.
When I configure the clients to use SSO, CUCILync is giving me an error message:
"A device initialization error has occurred. An unexpected HTTP response code was receiving by CSF during UDS SSO call flow."
I've created a Problem Report and got the following error in the Core.log:
2011-07-29 13:40:04,477 DEBUG ... - response code is : 200
2011-07-29 13:40:04,477 WARN ... [HttpMethodBase.getResponseBody(682)] - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2011-07-29 13:40:04,478 DEBUG ... [DeviceProviderHttpUtils$CustomMultiThreadedConnectionMgr.releaseConnection(59)] - closing connection
2011-07-29 13:40:04,478 DEBUG ... [SingleSignOnUDSClient.postSecurityCheckToUDS(492)] - posting security form to UDS
2011-07-29 13:40:04,546 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(619)] - number of input fields : 2
2011-07-29 13:40:04,547 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(633)] - adding parameter : j_username
2011-07-29 13:40:04,547 DEBUG ... [SingleSignOnUDSClient.getParamsFromSecurityCheckForm(633)] - adding parameter : j_password
2011-07-29 13:40:04,548 INFO ... [DeviceProviderHttpUtils.doHttpRequest(149)] - Setting certification level to '0' (ALL_CERTS)
2011-07-29 13:40:04,549 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(170)] - URL is : https://CUCMSERVER:8443/cucm-uds/user/USERID/j_security_check
2011-07-29 13:40:04,793 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(177)] - response code is : 302
2011-07-29 13:40:04,794 DEBUG ... [DeviceProviderHttpUtils$CustomMultiThreadedConnectionMgr.releaseConnection(59)] - closing connection
2011-07-29 13:40:04,794 DEBUG ... [SingleSignOnUDSClient.doFinalRequestToUDS(532)] - doing final request to UDS
2011-07-29 13:40:04,800 INFO ... [DeviceProviderHttpUtils.doHttpRequest(149)] - Setting certification level to '0' (ALL_CERTS)
2011-07-29 13:40:04,802 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(170)] - URL is : https://CUCMSERVER:8443/cucm-uds
2011-07-29 13:40:04,821 DEBUG ... [DeviceProviderHttpUtils.doHttpRequest(177)] - response code is : 404
2011-07-29 13:40:04,822 WARN ... [SingleSignOnUDSClient.validateResponseCode(666)] - unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]
2011-07-29 13:40:04,822 ERROR [ws-pool-thread-2] [DeviceAdapter] [DeviceServiceImpl.initialize(435)] - Problem initializing on the Device service. unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]
com.cisco.uc.core.common.exceptions.device.DeviceProviderFailureCoreException: unexpected http response code in [doFinalRequestToUDS] expected=[200] actual=[404]
Any idea whats going wrong? Why I'm getting HTTP 404?
CUCILync: v 8.5.3
CUCM: v 8.5.1.12017-2
Kind regards,
Norbert
07-31-2011 11:53 PM
based on the PRT, you're getting response 404 (NOT found) as the CUCILync is having an issue with the URL: CUCMSERVE:8443/cucm-uds
Can you try browsing to this url on the browser? also have you got the SSO enabled (utils sso status & utils sso enble)
Sent from Cisco Technical Support iPad App
08-01-2011 01:44 AM
Hi,
when I browse to the url in my browser I'm getting the same thing. "HTTP 404 - The requested resource () ist not available"
SSO status is "Enabled". SSO works fine when I browse to the user page "https://cucmserver:8443/ccmuser"
Norbert
11-30-2012 11:19 AM
I have this same issue and I can see that if I paste in the entire URL that CUCI-LYNC requires, it does retrieve the right information through OpenAM. For example:
https://cucm.fqdn:8443/cucm-uds/user/username/devices works just fine and sends me an XML page I can view in IE after going through the OPEN SSO. The problem is specifically with the final check back setting the URL as just https://cucm.fqdn:8443/cucm-uds which returns the 404. if I strip out the :8443 section, I just get a resource is forbidden error. Any solution to this?
01-17-2013 04:36 AM
I am also facing this.
Anyone found a solution yet?
01-23-2013 05:18 AM
Update:
Had to disable and reenable sso on the CM's
Then everything came up!
04-04-2013 05:14 AM
Hello guys,
I am doing the same kind of configuration with Cucilync 8.6 and CUCM 8.6 + OpenAM 10.0.
The CCMUser/admin SSO is working, I still have problems with the RTMT and I will soon activate it for Cucilync.
But before doing that, I have a functional question for you that run this in production.
In the case that the openAM server is down, or the CUCM cannot reach it, or there is a configuration problem between the OpenAM server and the AD, when cucilync starts and fails to SSO with it, how does the client react? Does the user at least get the normal login panel to enter manually his password?
For RTMT for instance, if it fails, I cannot enter manually the credentials...
Thank you for your feedbacks.
Yorick
04-08-2013 08:59 AM
Today I activated SSO for cucilync (8.6). I have exactly the same problem that Norbert had.
I tried to disable and enable SSO just for cucilync but no success.
When I look into the core.log file, I have exactly the same error.
The first https request asks for a redirect (302) but then when the URL is /cucm-uds/ I get a 404 error.
CUCMUser SSO is working fine, so I think that our OpenAM integration is not the problem.
Norbert, jefflocktsg, any feedback?
Thank you for your help.
Yorick
10-25-2013 05:58 PM
We encountered this same issue with CUCILync redirecting to cucm-uds and then subsequently getting a 404 error message.
We resolved the problem by configuring the following setting on OpenAM and then restarting Tomcat on the CUCM servers:
J2EE Agent -> CUCM Server Profile (Must be done on EACH server profile!) -> Main Page -> HTTP Session Binding: Disabled
This setting for HTTP Session Binding is enabled by default but with it Enabled CUCILync seems to fail in the exact way above with a 404 error.
After disabling this setting and restarting Tomcat on the CUCM server to refresh the J2EE Agent CUCILync works as expected.
Don't ask me HOW this works or what it does - but it seems to be required.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide