Cisco Bug: CSCul13985 - CUPS Doesn't Properly Choose Auth ID During XML Stream Negotiation
Feb 19, 2018
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Presence Version 8.6
Known Affected Releases
Symptom: When federating with another vendor's server, CUPS successfully negotiates SASL authentication using the "from=" header in the stanza from the federated server. Once SASL is setup and CUPS receives the subsequent XML stream from the federated server, CUPS uses the "Certificate Subject Common Name (CN)" as the stored off authentication ID for the stream instead of the "from=" header. At this point the Common Name of the cert does not match the the federated server's domain and all requests are rejected. Conditions: CUPS 8.6.5 XMPP Federating over TLS with third-party XMPP server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases