SAML Single Sign On

Security Assertion Markup Language Single Sign On (SAML SSO) is an enhancement to the existing sign on feature. SAML SSO allows a user to gain single sign on access to Unity Connection subscriber web interfaces and across the administrative web applications on the following Unified Communications products:

• Unity Connection
• Cisco Unified Communications Manager
• Cisco Unified IM/Presence

SAML SSO supports both LDAP and non-LDAP users to gain single sign on access to web applications.

For more information on SAML SSO, see the Quick Start Guide for SAML SSO in Cisco Unity Connection, Release 15, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/15/quick_start/guide/b_15cucqssamlsso.html.

Authz Server

Unity Connection enhances the SAML SSO and non-SSO login experience for Jabber users by supporting the OAuth 2.0 Authorization Code Grant Flow. For faster login, the Authorization Code Grant Flow requires an Authorization Server (Authz server) to provide the access and refresh tokens to the Jabber client. In Unity Connection, the publisher server of the Cisco Unified CM associated with a phone system is configured as the Authz server.

After configuring an Authz server, Unity Connection uses the authorization keys provided by the Authz server to validate the token of a Jabber client. If the authorization keys are changed on Cisco Unified CM, you must synchronize the keys between Unity Connection and the Authz server; until they are synchronized, tokens signed with the new keys cannot be validated.

You can configure multiple Authz servers by providing the credentials of the Cisco Unified CM associated with each phone system. In a multisite deployment where CUCM SME is installed, you can configure the publisher server (where the Jabber endpoints are connected) of every leaf cluster as an Authz server for connecting with Unity Connection.
Note To configure an Authz server, see Configuring an Authz Server in Unity Connection.

Consider the following points while configuring the Authz server in Unity Connection:

• Make sure that the OAuth Authorization Code Grant Flow feature is enabled on both Cisco Unified CM and Cisco Unity Connection. By default, the OAuth flow is disabled on Cisco Unity Connection. To enable the feature, navigate to System Settings > Enterprise Parameters in Cisco Unity Connection Administration. On the Enterprise Parameters page, enter the applicable settings under the SSO and OAuth Configuration field and select the Enabled option for OAuth with Refresh Login Flow.
• The username and password entered for the Authz server must be the same as the username and password of the system administrator of Cisco Unified CM.
• The Tomcat services of Cisco Unified CM must be up and running.
• Upload the valid certificates of Cisco Unified CM to the tomcat-trust store of Cisco Unity Connection, or check the Ignore Certificate Errors check box to ignore certificate validation errors for the Authz server. Note that the check box disables certificate validation for that connection entirely, so uploading the certificates is the option that keeps the Authz server's identity verified.
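The token check and key synchronization described above, as an added example that is not Cisco's code: a validator that holds the keys synced from the Authz server and reports separately when a token was signed with a key it does not know, which is the symptom of keys having been changed on Cisco Unified CM without a re-sync. The token format (an HS256 JWT-style token), the key IDs and the secrets are assumptions made for the example, not Unity Connection's actual token format.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key set: what the local side would hold after synchronizing
# with the Authz server. Key ID and secret are placeholders, not real values.
SYNCED_KEYS = {"authz-key-1": b"placeholder-secret-from-authz-server"}

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(kid, key, claims):
    """Build a constructed HS256 JWT-style token so the validator can be exercised."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def validate_token(token, synced_keys, now=None):
    """Return (status, claims). Only 'ok' means the token may be accepted.
    'unknown_kid' means the local key copy is stale and must be re-synced."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "bad_format", None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return "bad_format", None
    if header.get("alg") != "HS256":      # reject 'none' and algorithm swaps
        return "bad_alg", None
    key = synced_keys.get(header.get("kid"))
    if key is None:                        # keys changed on the Authz server
        return "unknown_kid", None
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return "bad_signature", None
    if claims.get("exp", 0) <= now:        # expired access token
        return "expired", None
    return "ok", claims
```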