CUCM SSO export all metadata issue

Arun Kalpathi Ganapathi · ‎04-18-2018

My CUCM lab server running 11.5.1.12900-21 on UCS c240 chassis had an expired tomcat and tomcat-trust certificate.

I rotated the expired certificates as part of the process Restarted tomcat service and the cisco TFTP service as suggested

but the prompt also suggested me to disable and re-enable the SAML SSO.

I disabled the SAML SSO and when i had to download the "Export All metadata" file to provide it to the people who manage idp side of things. the "Export All metadata" wouldnt download anything, the button is unresponsive
I thought this was some browser issue but was surprised to see the issue was still on when i tried the access across mutiple browser / computers and even after a server reboot. clearing browser cache, allow popups etc

has anyone faced this situation ? if so would you be able to share the resolution ?

I could not find any ways online to download the "Export All metadata" from the CLI

Kevin Santiago · ‎03-08-2021

How did you resolve this issue?

Roger Kallberg · ‎03-08-2021

Not an answer to the problem as such, but the information in documentation about that SSO needs to be turned off when the Tomcat certificate is renewed is inaccurate.

What is needed is to send or use the new Tomcat certificate information to update the trust in the IdP. This would get the new certificate information from the renewed Tomcat certificate into the trust on the IdP.

Kevin Santiago · ‎03-09-2021

HI,

Thanks for the feedback. I agree the step is important and required. I was able to complete the export last night. I tried several web browsers and a dedicated server for system access all of these failed to produce the file export. On my 3rd attempt using Microsoft Edge browser the window allowing me to download the export finally showed up. I did not change any thing on my systems, popups were not blocked, etc.