Note: While configuring the domain, we recommend that you see the section “Configuration” in the Change CUCM Server Definition from IP Address or Hostname to FQDN Format to avoid connection failures and metadata mismatch warning messages, which appear after SAML SSO is enabled. This was introduced during the BCFIPS feature.

Procedure

Step 1 On Cisco Unified Communications Manager, complete the SSO configuration:
  a) Restart the Cisco Tomcat server before enabling SAML SSO.
  b) From Cisco Unified CM Administration, choose System > SAML Single Sign On.
  c) Click Enable SAML SSO.
  d) Click Continue and follow the prompts.
     Note: You can enable or disable SAML SSO only if the DB services are up and running across all the nodes in the cluster. To check the DB status, run the utils service list administrative command (A Cisco DB) that retrieves the list of all services.
  e) Cluster wide agreements only. Click Test for Multi-server tomcat certificates.
  f) Click Next.
  g) Browse to select your IdP metadata file. After you have opened the file, click Import IdP Metadata.
  h) Click Next.
  i) Select an LDAP-synchronized user who has Standard CCM Super User permissions and click Run SSO Test.
  j) Sign in with the user's credentials.
  k) Click Finish to complete the SAML SSO setup.
  l) Restart the Cisco Tomcat server.
  m) Per node agreements only. Repeat this process on each Unified Communications Manager node.
     Note: If FIPS or ESM is enabled on the Unified Communications Manager, you need to set the SSO signing algorithm to sha256. Run this command on the admin CLI on all the nodes of Unified CM:
         utils sso set signing-algorithm sha256

Step 2 IM and Presence Service—If you have a Centralized Deployment of the IM and Presence Service, repeat the previous step on the standalone Unified CM publisher node that is a part of the IM and Presence central cluster.

Step 3 On Cisco Unity Connection, complete the SAML SSO configuration:
  a) Restart the Cisco Tomcat server before enabling SAML SSO.
  b) In Cisco Unity Connection Administration, go to System Settings > SAML Single Sign On.
  c) Click Enable SAML Single Sign On.
  d) Click Continue and follow the prompts.
  e) Import the IdP metadata file into Cisco Unity Connection.
  f) Test the SSO Connection.
  g) Restart the Cisco Tomcat server.

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs
SAML SSO Configuration
Enable SAML SSO for Cisco Collaboration Applications