Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
I should also add this is intermittent. Sometimes Jabber will connection to Unity Connection just fine with SSO. Sometimes it will try to connect to the DNS servers (Show Connection Status shows the DNS server as voicemail) and fail. Sometimes it will try to connect to Unity Connection but without SSO. On Fri, Jun 12, 2015 at 9:18 AM, Justin Steinberg jsteinb...@gmail.com wrote: It seems like the problem is that for some reason, Jabber thinks the DNS server is the voicemail server. So it is performing a SSO check with the DNS server and that fails. Any idea why Jabber would be doing this ? On Thu, Jun 11, 2015 at 1:46 PM, Justin Steinberg jsteinb...@gmail.com wrote: i've looked through it and i'm not sure where it is going wrong. It doesn't help that the file is 15,000 or so lines long for a three minute login :) i've opened a case with Webex Messenger team and will probably do the same with Jabber/CUC. Justin On Thu, Jun 11, 2015 at 11:07 AM, Brian Meade bmead...@vt.edu wrote: Probably worth pulling a problem report right after sign in. It should show the process of checking if SSO is enabled for Unity Connection. On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg jsteinb...@gmail.com wrote: Thanks Chris, I checked all that out and it looks alright. In testing this afternoon, we've gotten the UCXN SSO to work on a couple occasions but it doesn't stay. The Jabber client ends up not logging into voicemail and in the Jabber client FileOptionsAccounts, it wants the user to enter their credentials.Jabber shouldn't be allowing users to enter their credentials in the client with SSO enabled. I turned up samltrace to debug on UCXN and pulled the logs. Jabber doesn't even seem to be hitting the UCXN server when it fails, it's like Jabber doesn't realize UCXN is SSO enabled.I'm opening a case with Webex Messenger support to start, then will see where that goes. Justin On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse chris.clo...@cdw.com wrote: · Verify the following Unity Connection Services are started. - Connection Jetty - Connection REST Service · Verify the class of service has Allow Users to Use the Web Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail enabled · Verify the Unity Connection API Settings are enabled (System Settings-Advanced-API Settings) - Allow Access to Secure Message Recordings through CUMI - Display Message Header Information of Secure Messages through CUMI - Allow Message Attachments through CUMI Also make sure that you don’t have VoicemailService_UseCredentialsFromphone/VoicemailService_UseCredentialsFrom in your jabber-config.xml file as it will need to have a separate login for the voicemail server versus CallManager. *~Chris* *From:* Justin Steinberg [mailto:jsteinb...@gmail.com] *Sent:* Wednesday, June 10, 2015 12:30 PM *To:* Chris Clouse *Cc:* Cisco VOIP *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Yes I've done that. The Unity Connection Web Inbox and UCM Self Care Portal page both have functioning SSO. It's just Jabber that won't utilize SSO when using CUC. Justin On Jun 10, 2015 1:16 PM, Chris Clouse chris.clo...@cdw.com wrote: In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html *~Chris* *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf Of *Justin Steinberg *Sent:* Wednesday, June 10, 2015 12:09 PM *To:* Cisco VOIP *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip
Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
i've looked through it and i'm not sure where it is going wrong. It doesn't help that the file is 15,000 or so lines long for a three minute login :) i've opened a case with Webex Messenger team and will probably do the same with Jabber/CUC. Justin On Thu, Jun 11, 2015 at 11:07 AM, Brian Meade bmead...@vt.edu wrote: Probably worth pulling a problem report right after sign in. It should show the process of checking if SSO is enabled for Unity Connection. On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg jsteinb...@gmail.com wrote: Thanks Chris, I checked all that out and it looks alright. In testing this afternoon, we've gotten the UCXN SSO to work on a couple occasions but it doesn't stay. The Jabber client ends up not logging into voicemail and in the Jabber client FileOptionsAccounts, it wants the user to enter their credentials.Jabber shouldn't be allowing users to enter their credentials in the client with SSO enabled. I turned up samltrace to debug on UCXN and pulled the logs. Jabber doesn't even seem to be hitting the UCXN server when it fails, it's like Jabber doesn't realize UCXN is SSO enabled.I'm opening a case with Webex Messenger support to start, then will see where that goes. Justin On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse chris.clo...@cdw.com wrote: · Verify the following Unity Connection Services are started. - Connection Jetty - Connection REST Service · Verify the class of service has Allow Users to Use the Web Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail enabled · Verify the Unity Connection API Settings are enabled (System Settings-Advanced-API Settings) - Allow Access to Secure Message Recordings through CUMI - Display Message Header Information of Secure Messages through CUMI - Allow Message Attachments through CUMI Also make sure that you don’t have VoicemailService_UseCredentialsFromphone/VoicemailService_UseCredentialsFrom in your jabber-config.xml file as it will need to have a separate login for the voicemail server versus CallManager. *~Chris* *From:* Justin Steinberg [mailto:jsteinb...@gmail.com] *Sent:* Wednesday, June 10, 2015 12:30 PM *To:* Chris Clouse *Cc:* Cisco VOIP *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Yes I've done that. The Unity Connection Web Inbox and UCM Self Care Portal page both have functioning SSO. It's just Jabber that won't utilize SSO when using CUC. Justin On Jun 10, 2015 1:16 PM, Chris Clouse chris.clo...@cdw.com wrote: In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html *~Chris* *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf Of *Justin Steinberg *Sent:* Wednesday, June 10, 2015 12:09 PM *To:* Cisco VOIP *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
Thanks Chris, I checked all that out and it looks alright. In testing this afternoon, we've gotten the UCXN SSO to work on a couple occasions but it doesn't stay. The Jabber client ends up not logging into voicemail and in the Jabber client FileOptionsAccounts, it wants the user to enter their credentials.Jabber shouldn't be allowing users to enter their credentials in the client with SSO enabled. I turned up samltrace to debug on UCXN and pulled the logs. Jabber doesn't even seem to be hitting the UCXN server when it fails, it's like Jabber doesn't realize UCXN is SSO enabled.I'm opening a case with Webex Messenger support to start, then will see where that goes. Justin On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse chris.clo...@cdw.com wrote: · Verify the following Unity Connection Services are started. - Connection Jetty - Connection REST Service · Verify the class of service has Allow Users to Use the Web Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail enabled · Verify the Unity Connection API Settings are enabled (System Settings-Advanced-API Settings) - Allow Access to Secure Message Recordings through CUMI - Display Message Header Information of Secure Messages through CUMI - Allow Message Attachments through CUMI Also make sure that you don’t have VoicemailService_UseCredentialsFromphone/VoicemailService_UseCredentialsFrom in your jabber-config.xml file as it will need to have a separate login for the voicemail server versus CallManager. *~Chris* *From:* Justin Steinberg [mailto:jsteinb...@gmail.com] *Sent:* Wednesday, June 10, 2015 12:30 PM *To:* Chris Clouse *Cc:* Cisco VOIP *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Yes I've done that. The Unity Connection Web Inbox and UCM Self Care Portal page both have functioning SSO. It's just Jabber that won't utilize SSO when using CUC. Justin On Jun 10, 2015 1:16 PM, Chris Clouse chris.clo...@cdw.com wrote: In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html *~Chris* *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf Of *Justin Steinberg *Sent:* Wednesday, June 10, 2015 12:09 PM *To:* Cisco VOIP *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html ~Chris From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Justin Steinberg Sent: Wednesday, June 10, 2015 12:09 PM To: Cisco VOIP Subject: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
· Verify the following Unity Connection Services are started. * Connection Jetty * Connection REST Service · Verify the class of service has Allow Users to Use the Web Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail enabled · Verify the Unity Connection API Settings are enabled (System Settings-Advanced-API Settings) * Allow Access to Secure Message Recordings through CUMI * Display Message Header Information of Secure Messages through CUMI * Allow Message Attachments through CUMI Also make sure that you don’t have VoicemailService_UseCredentialsFromphone/VoicemailService_UseCredentialsFrom in your jabber-config.xml file as it will need to have a separate login for the voicemail server versus CallManager. ~Chris From: Justin Steinberg [mailto:jsteinb...@gmail.com] Sent: Wednesday, June 10, 2015 12:30 PM To: Chris Clouse Cc: Cisco VOIP Subject: RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Yes I've done that. The Unity Connection Web Inbox and UCM Self Care Portal page both have functioning SSO. It's just Jabber that won't utilize SSO when using CUC. Justin On Jun 10, 2015 1:16 PM, Chris Clouse chris.clo...@cdw.commailto:chris.clo...@cdw.com wrote: In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html ~Chris From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.netmailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Justin Steinberg Sent: Wednesday, June 10, 2015 12:09 PM To: Cisco VOIP Subject: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
Yes I've done that. The Unity Connection Web Inbox and UCM Self Care Portal page both have functioning SSO. It's just Jabber that won't utilize SSO when using CUC. Justin On Jun 10, 2015 1:16 PM, Chris Clouse chris.clo...@cdw.com wrote: In order for the phone services and voicemail to be connected via SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own as well as having the WebEx Messenger SSO. I would recommend that you be on 10.5+ even though it states supported with 10.0. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html *~Chris* *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf Of *Justin Steinberg *Sent:* Wednesday, June 10, 2015 12:09 PM *To:* Cisco VOIP *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN Has anyone setup SSO in the hybrid Jabber deployment model? Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN. We have enabled SSO for all three systems. We can use SSO to login to jabber and the UCM and UCXN end user self service web interfaces.All that seems OK and SSO is working. The problem is that once jabbers logs in to WebEx Messenger, it requires the user to go into fileoptions and manually enter their voicemail credentials. I expect that it should just SSO into WebEx messenger, UCM phone services and UCXN voicemail services. Any thoughts? Justin ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip