05-27-2013 08:35 AM - edited 03-19-2019 06:46 AM
Hello,
Running CUCM 8.6.2, I try to activate the SSO module for user accessing the end user configuration page and a CTI home made application writte in Java.
I use the following document for referecne :
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf
First question :
I see SSO can be used for CCMUser, CCMAdmin, RTMT ... does CCMUser include CTI connection via jtapi application ?
Second question :
I follows the reference guide but always get the following error when activating SSO on th CUCM in cli :
'Error: Open Access Manager (OpenAM) not configured based on FQDN"
Does someone manage to activate SSO with OpenAM ?
Thanks for your help.
Regards.
05-29-2013 05:36 AM
I got the same problem, trying to solve this by analyzing OpenAM logs and Cicso RTMT logs.
Using OpenAM version 10.1.0.
I found out that in this guide http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf the whole FQDN can been seen in the top banner in the OpenAM backend. But in my case only the
hostname is shown. Maybe this the problem...
Installing now a new debian7 with tomcat7 for the OpenAM server. Trying Version 10.2.0.
Please inform me if you have an idea or even found a solution.
Greets
06-11-2013 02:02 AM
Still unsolved. Anything new?
06-10-2014 08:33 PM
I had this problem and fixed it. We were absolutely positive that the FQDN configuration on the OpenAM server was correct. Certainly verify that first on your server, but it's not the ONLY thing that throws this error.
Looking at the OpenAM debug logs set at the Message level in the Authentication file, I was able to see numerous failed authentication attempts for the "demo" user when I tried to enable SSO.
We had earlier removed the demo user because it shouldn't be really needed for any production OpenAM deployments.
We were wrong.
I added the demo user back to the OpenDJ embedded database "Access Control > Top Level Realm > Subjects" and then I was able to enable SSO on my CUCM server.
The UserID is "demo" the password is "changeit" and all fields are mandatory, even thought First Name doesn't always have the * that indicates it is mandatory.
Hopefully there will be either a documentation defect or a code defect coming out of this recent discovery.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide