
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential. Otomo End User SSO - TOI, March 2014. Otomo 10.5 – End User SSO Support.


1 Otomo End User SSO - TOI, March 2014
Otomo 10.5 – End User SSO Support
Presenter – Aastha Wal (aawal)

2 Table of Contents
- Abbreviations
- Added Functionality in current release
- OAuth API/Endpoints
- Jabber-CUC SSO Flow
- Enterprise parameters
- OAuth token expiry
- Counters
- CLI command to set trace Level
- Collect Logs from RTMT
- Troubleshooting tips

3 Abbreviations
- CUC: Cisco Unity Connection
- IDP: Identity Provider
- OAuth: Authorization protocol / framework
- SAML: Security Assertion Markup Language
- SP: Service Provider
- SSO: Single Sign On
- SSOSP: CUC specific SP implementation
- RTMT: Real Time Monitoring Tool

4 Added Functionality in current release
Oz 10.0
- With SAML SSO, single sign-on was possible only for web applications.
- CUC Admin
- CUC Client Web Applications:
  - CiscoPCA
  - Web-Inbox
  - Mini-inbox
Otomo 10.5
In addition to the features present in 10.0, this release has:
- SAML enabled for CUC Serviceability
- OAuth token based access to services like:
  - VMRest (on Unity Connection)

5 OAuth API / Endpoints


7 Enterprise Parameters
- There are two new enterprise-level parameters specific to OAuth:
  1) Enterprise parameter to set the OAuth token expiry time in minutes.
  2) Enterprise parameter to set a redirect URL for a third-party client (no default value).
- Once the administrator changes the timer, the SSOSP web application picks up the new value immediately, without a restart of Tomcat or of the SSOSP web application.
Note: Clicking on an Enterprise parameter gives the description of the parameter.

8 OAuth Token Expiry Settings in CUC

9 OAuth token expiry
- The Authorization service /validate endpoint will return an HTTP 400 Bad Request for an expired token.

10 Counters
- Two new counters are introduced to track the number of failed/invalid SAML requests/responses:
  - SAML_FAILED_REQUESTS
  - SAML_FAILED_RESPONSES
  These counters are incremented on a failed SAML request or a failed response (for example, if the request/response has a mandatory field missing).
- OAuth tokens are tracked by the following counters:
  - OAUTH_TOKENS_ISSUED
  - OAUTH_TOKENS_ACTIVE
  - OAUTH_TOKENS_VALIDATED
  - OAUTH_TOKENS_EXPIRED
  - OAUTH_TOKENS_REVOKED
- CLI command to get counter values: show perf query class "SAML SSO"

11 Counters

12 CLI Command to Set Trace Level
The log level can be changed using the following CLI commands:
- set samltrace level DEBUG
- set samltrace level INFO (default)
- set samltrace level WARNING
- set samltrace level ERROR
- set samltrace level FATAL
Note: These commands are used for troubleshooting; DEBUG mode is best for troubleshooting.

13 Collect Logs from RTMT
The following log files can be collected from RTMT:
- ssosp.log: ssospxxxxx.log
- security.log: securityxxxxx.log
- Tomcat access: localhost_access_log.txt
Steps to follow on RTMT:
- Log in to RTMT
- Go to: System > Tools > Trace > Trace & Log Central
- For ssosp logs: click Collect files > click Next > select Cisco SSO > Finish
- For security logs: click Collect files > click Next > select Cisco Tomcat Security > Finish
- For Tomcat access logs: click Collect files > click Next > select Cisco Tomcat > Finish
- The log files will be downloaded

14 Troubleshooting tips
Logs Location
- OAuth endpoint logs: on all the nodes in the cluster
  /var/log/active/tomcat/logs/ssosp/log4j/ssosp*
- IMS: on all the nodes in the cluster
  /var/log/active/tomcat/logs/security/log4j/security*
- CUC Tomcat access logs:
  /var/log/active/tomcat/logs/localhost_access_log.txt

15 Troubleshooting tips for CUC (cont.)
- Problem Description
  1. VMRest API throws a 401 response error
- Solution
  1. Check if the OAuth token has expired
  2. Check if the OAuth token is no longer valid
     - If the Tomcat service is restarted, all previous tokens are no longer valid and clients have to request a new token.
     - If the publisher server of the Unity Connection cluster went down, the token generated on the publisher server becomes invalid, and clients have to request the subscriber to generate a new token.
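
Added example (not part of the Cisco deck): a triage script for the 401 problem above, run over a collected localhost_access_log.txt. It separates a burst of VMRest 401s across several clients, which fits the Tomcat-restart or publisher-down cases, from isolated 401s that fit a single expired token. Assumptions: the log uses Tomcat's "common" pattern, VMRest requests sit under /vmrest/, and the 60-second window, three-client threshold and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: Tomcat "common" access-log pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2014:09:00:01 +0000] "GET /vmrest/mailbox HTTP/1.1" 200 512
192.0.2.10 - - [12/Mar/2014:10:05:40 +0000] "GET /vmrest/mailbox HTTP/1.1" 401 0
192.0.2.21 - - [12/Mar/2014:14:30:02 +0000] "GET /vmrest/mailbox HTTP/1.1" 401 0
192.0.2.22 - - [12/Mar/2014:14:30:05 +0000] "GET /vmrest/mailbox HTTP/1.1" 401 0
192.0.2.23 - - [12/Mar/2014:14:30:09 +0000] "GET /vmrest/mailbox HTTP/1.1" 401 0
192.0.2.21 - - [12/Mar/2014:14:30:15 +0000] "GET /vmrest/mailbox HTTP/1.1" 401 0
192.0.2.30 - - [12/Mar/2014:14:30:20 +0000] "GET /other/page HTTP/1.1" 401 0
"""

def vmrest_401s(log_text, prefix="/vmrest/"):
    """Return sorted (timestamp, client) pairs for 401 responses under prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(4) == "401" and m.group(3).startswith(prefix):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((ts, m.group(1)))
    return sorted(hits)

def classify(hits, window=timedelta(seconds=60), min_clients=3):
    """Heuristic split: multi-client bursts vs. isolated per-client 401s."""
    bursts, isolated, i = [], [], 0
    while i < len(hits):
        start, j = hits[i][0], i
        # Group every hit that falls within `window` of the first one.
        while j < len(hits) and hits[j][0] - start <= window:
            j += 1
        clients = {client for _, client in hits[i:j]}
        if len(clients) >= min_clients:
            # Many clients rejected together: check for a Tomcat restart
            # or a publisher outage before chasing individual tokens.
            bursts.append((start, sorted(clients)))
        else:
            # Likely one client's expired or invalid token.
            isolated.extend(hits[i:j])
        i = j
    return bursts, isolated

if __name__ == "__main__":
    bursts, isolated = classify(vmrest_401s(SAMPLE_LOG))
    for start, clients in bursts:
        print("burst at", start.isoformat(), "clients:", ", ".join(clients))
    for ts, client in isolated:
        print("isolated 401:", ts.isoformat(), client)
```

A burst is only a prompt to check the ssosp and security logs around that timestamp; the OAUTH_TOKENS_EXPIRED counter helps confirm the isolated case.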
