cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

588
Views
0
Helpful
3
Replies
Beginner

Centralised IM and Presence

We have installed a Centralised CM and IM&P cluster, but have hit a wall with Jabber sign in.

 

For service discovery, our UDS SRV record points to our SME for the Home cluster.

Our SME cluster is the Hub of our ILS network, with all leaf clusters, including the Centralised CM and IM&P cluster are Spoke clusters. 

 

We have SSO configured throughout all clusters, using FQDN multi-SAN single agreement SAML trusts, with OAuth Refresh Logins enabled for each cluster.

 

Some errors we receive in Jabber log and SSO log on IM&P:

Jabber:

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - Entry

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - ****************************************************************

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::Outage::onServerDisconnection] - ****************ATTENTION********************

2018-05-16 16:34:53,855 INFO [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - OnLoginError: LERR_CUP_SSOTOKEN_INVALID <28>:

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::IMPStackCap::Login::OnLoginError] - ****************************************************************

2018-05-16 16:34:53,855 DEBUG [IMPServices] [CSFUnified::LoginEventListenerImpl::OnLoginCredentialInvalid] - Login Credential Invalid

 

SSO log:

2018-05-16 16:34:53,389 INFO [http-bio-443-exec-19] servlet.OauthServlet - doPost :: POST request for servletPath:/token/validate
2018-05-16 16:34:53,389 INFO [http-bio-443-exec-19] handlers.ValidateTokenHandler - processRequest
2018-05-16 16:34:53,390 ERROR [http-bio-443-exec-19] token.TokenV2Manager - JWS Token header error or signing key mismatch: {"alg":"RS256","typ":"JWT","kid":"..."}

 

We had a case open with TAC, but couldn't be resolved and case was closed. This is set up in a lab environment so couldn't escalate to developers.

 

Anyone else working on this?

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/configAdminGuide/12_0_1/cup0_b_config-admin-guide-imp-1201/cup0_b_config-admin-guide-imp-1201_chapter_011000.html

 

 

 

 

3 REPLIES 3
Highlighted
Beginner

Re: Centralised IM and Presence

Hi, I am getting the same error for a single user, what did TAC suggest

Beginner

Re: Centralised IM and Presence

Sorry there was no solution and closed the case.
Please let me know if you get it working 😊
Beginner

Re: Centralised IM and Presence

I meet the issue after upgrading from 12.0 to 12.5. Everything is working normally if I disable OAuth with Refresh Login Flow. I guess the issue related to IM&P cannot fetch the OAuth token keys from CUCM.
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards