CUCM : SSO for End User (OpenAM)

ccr_cisco
Level 1

Hello,

Running CUCM 8.6.2, I am trying to activate the SSO module for users accessing the end user configuration page and a home-made CTI application written in Java.

I use the following document for reference:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf

First question:

I see SSO can be used for CCMUser, CCMAdmin, RTMT ... does CCMUser include a CTI connection via a JTAPI application?

Second question:

I followed the reference guide but always get the following error when activating SSO on the CUCM in the CLI:

"Error: Open Access Manager (OpenAM) not configured based on FQDN"

Has anyone managed to activate SSO with OpenAM?

Thanks for your help.

Regards.

3 Replies

mathias.fink
Level 1

I got the same problem and am trying to solve it by analyzing the OpenAM logs and the Cisco RTMT logs.

Using OpenAM version 10.1.0.

I found out that in this guide http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf the whole FQDN can be seen in the top banner in the OpenAM backend. But in my case only the hostname is shown. Maybe this is the problem...

Now installing a new Debian 7 with Tomcat 7 for the OpenAM server. Trying version 10.2.0.

Please inform me if you have an idea or even found a solution.

Greets

Still unsolved. Anything new?

Jason Burns
Level 1

I had this problem and fixed it. We were absolutely positive that the FQDN configuration on the OpenAM server was correct. Certainly verify that first on your server, but it's not the ONLY thing that throws this error.

Looking at the OpenAM debug logs set at the Message level in the Authentication file, I was able to see numerous failed authentication attempts for the "demo" user when I tried to enable SSO.

We had earlier removed the demo user because it shouldn't really be needed for any production OpenAM deployments.

We were wrong.

I added the demo user back to the OpenDJ embedded database "Access Control > Top Level Realm > Subjects" and then I was able to enable SSO on my CUCM server.

The UserID is "demo", the password is "changeit", and all fields are mandatory, even though First Name doesn't always have the * that indicates it is mandatory.


Hopefully there will be either a documentation defect or a code defect coming out of this recent discovery.