Is there valid TLS trust between UCM and Idp?

> On Sep 16, 2021, at 19:46, Johnson, Tim <johns...@cmich.edu> wrote:
> 
> 
> Nah, looks like he said logging into CCM Admin pages, with AD accounts, so 
> all areas of the web UI (I believe). The NTP errors that I’ve seen are 
> presented as SAML assertion errors.
>  
> I’m curious if this is a new SSO config, or if it was working properly and 
> something’s changed.
>  
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Kent 
> Roberts
> Sent: Thursday, September 16, 2021 8:37 PM
> To: Matthew Loraditch <mloradi...@heliontechnologies.com>
> Cc: cisco-voip@puck.nether.net
> Subject: [External] Re: [cisco-voip] Error Processing SAML Response
>  
> Remember he said it also was happening on the CUCM Admin account which has 
> nothing to do with SSO/SAML.   So that means it's most likely internal to cucm...
> 
> 
> On Sep 16, 2021, at 4:36 PM, Matthew Loraditch 
> <mloradi...@heliontechnologies.com> wrote:
>  
> The logs are pretty clear when it’s a time difference as the error. I’ve not 
> seen it randomly occur but definitely the error will be it’s time and may 
> even show the difference. 
>  
> It’s the 4j log file for sso I believe 
>  
> Matthew Loraditch
> Sr. Network Engineer
> (He/Him/His)
> p: 443.541.1518
> w: www.heliontechnologies.com
> e: mloradi...@heliontechnologies.com
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Lelio 
> Fulgenzi <le...@uoguelph.ca>
> Sent: Thursday, September 16, 2021 4:32:12 PM
> To: Jonathan Charles <jonv...@gmail.com>; Benjamin Turner 
> <benmtur...@hotmail.com>
> Cc: cisco-voip@puck.nether.net <cisco-voip@puck.nether.net>
> Subject: Re: [cisco-voip] Error Processing SAML Response
>  
>  
> Have you been able to confirm the time difference?
>  
> I’m not trying to take their side of things, but if it’s minutes off, I 
> wouldn’t doubt that’s possible. SSO is highly secure, right? A time 
> difference might be enough to throw it off?
>  
> Here’s a reference:
>  
> https://support.pingidentity.com/s/article/Accounting-for-Time-Drift-Between-SAML-Endpoints50907
>  
>  
>  
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Jonathan 
> Charles
> Sent: Thursday, September 16, 2021 6:23 PM
> To: Benjamin Turner <benmtur...@hotmail.com>
> Cc: cisco-voip@puck.nether.net
> Subject: Re: [cisco-voip] Error Processing SAML Response
>  
> No... TBH, I have never heard of it...
>  
> TAC is hyper-asserting that the issue is time mismatch between CUCM/CUC and 
> ADFS... 
>  
>  
> Jonathan
>  
> On Thu, Sep 16, 2021 at 4:08 PM Benjamin Turner <benmtur...@hotmail.com> 
> wrote:
> Have you tried to run a SAML Tracer? 
>  
> Sincerely,
> Benjamin M. Turner
> From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Jonathan 
> Charles <jonv...@gmail.com>
> Sent: Thursday, September 16, 2021 4:56:48 PM
> To: cisco-voip@puck.nether.net <cisco-voip@puck.nether.net>
> Subject: [cisco-voip] Error Processing SAML Response
>  
> So, users are randomly getting the above error when logging into CUCM UCMUser 
> or CUC Inbox... we are also getting it using AD credentials into admin pages 
> for CUCM/CUC/etc.
>  
> For a user, it will work fine repeatedly, then you will get the error, close 
> your browser, and reopen, still get the error for a few minutes. Then later 
> it will work. When a user is affected, other users work fine.
>  
> TAC is saying it is an NTP issue, however, NTP between CUCM 12.5 and IdP 
> (ADFS 2.0) is fine.
>  
> Pings are around 1ms between servers.
>  
> Any ideas?
>  
>  
> Jonathan
>  
>  
>  
> _______________________________________________
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>  
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
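
The time-drift question raised in this thread can be checked against a captured SAML response (for example one saved with a SAML tracer) by comparing its validity timestamps with the service provider's clock. This is an added example, not part of the original messages and not Cisco or ADFS code; the sample XML, the function names and the `skew_seconds` tolerance are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): assertion valid from 12:00:00.250 UTC.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2021-09-16T12:00:00.250Z">
  <saml:Assertion IssueInstant="2021-09-16T12:00:00.250Z">
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData NotOnOrAfter="2021-09-16T12:05:00.250Z"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2021-09-16T12:00:00.250Z"
                     NotOnOrAfter="2021-09-16T13:00:00.250Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z'), with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def check_time_window(xml_text, sp_now, skew_seconds=0):
    """Return (check, seconds_outside_window) for each time check sp_now fails."""
    root = ET.fromstring(xml_text)  # input is a locally captured response
    skew = timedelta(seconds=skew_seconds)
    failures = []
    cond = root.find(".//saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and sp_now + skew < parse_ts(nb):
            failures.append(("Conditions.NotBefore", (parse_ts(nb) - sp_now).total_seconds()))
        if noa and sp_now - skew >= parse_ts(noa):
            failures.append(("Conditions.NotOnOrAfter", (sp_now - parse_ts(noa)).total_seconds()))
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("NotOnOrAfter"):
        limit = parse_ts(scd.get("NotOnOrAfter"))
        if sp_now - skew >= limit:
            failures.append(("SubjectConfirmationData.NotOnOrAfter", (sp_now - limit).total_seconds()))
    return failures

if __name__ == "__main__":
    # SP clock 2 seconds behind the IdP: the assertion looks "not yet valid".
    behind = datetime(2021, 9, 16, 11, 59, 58, 250000, tzinfo=timezone.utc)
    print(check_time_window(SAMPLE, behind))       # strict comparison
    print(check_time_window(SAMPLE, behind, 180))  # with a 3-minute tolerance
```

Run it with the receiving server's current UTC time as `sp_now`; a `NotBefore` failure of a few seconds points at the receiver's clock running behind the IdP even when NTP appears healthy.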
