Guest

Preview Tool

Cisco Bug: CSCuq76924 - Warnings in CUCM SAML SSO Page

Last Modified

Aug 07, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.98000.263)

Description (partial)

Symptom:
After enabling SSO on CUCM /IM&P System version: 10.5.1.x.x Customer is getting the following warning message :
"The IdP files for the following servers do not match the file on publisher: .......
Please enable SSO on the respective server(s), then click on the re-import metadata icon to get the server(s) in sync."

Conditions:
CUCM 10.5.x

From the logs, we could see the below with multiple nodes.

2014-09-10 14:51:43,553 ERROR [Thread-234] cluster.SAMLSSOClusterManager - Error making enableSSO call to xx1.xx.com
java.io.IOException: HttpsURLConnection response code: 503 : Service Unavailable
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.doSSOResultRequest(SAMLSSOClusterManager.java:538)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.doSSOResultRequest(SAMLSSOClusterManager.java:460)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.isIdPMetaDataSimilar(SAMLSSOClusterManager.java:298)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.isPublisherIdPMetaDataSimilar(SAMLSSOClusterManager.java:311)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager$IdPMetaDataSimilarThread.run(SAMLSSOClusterManager.java:1214)
at java.lang.Thread.run(Thread.java:744)
2014-09-10 14:51:43,570 ERROR [Thread-233] cluster.SAMLSSOClusterManager - Error making enableSSO call to xx.xx.com
java.io.IOException: HttpsURLConnection response code: 503 : Service Unavailable
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.doSSOResultRequest(SAMLSSOClusterManager.java:538)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.doSSOResultRequest(SAMLSSOClusterManager.java:460)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.isIdPMetaDataSimilar(SAMLSSOClusterManager.java:298)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager.isPublisherIdPMetaDataSimilar(SAMLSSOClusterManager.java:311)
at com.cisco.cpi.sso.saml.api.cluster.SAMLSSOClusterManager$IdPMetaDataSimilarThread.run(SAMLSSOClusterManager.java:1214)
at java.lang.Thread.run(Thread.java:744)

[17/Sep/2014:13:05:56 +0200] xx.xx.xx.xx xx.xx.xx.xx - - 8443 POST /ssosp/ws/config/metadata/idp/checkSimilarity HTTP/1.1 503 2190 1
[17/Sep/2014:13:05:56 +0200] xx.xx.xx.xx xx.xx.xx.xx - - 8443 POST /ssosp/ws/config/metadata/idp/checkSimilarity HTTP/1.1 503 2190 1

[17/Sep/2014:13:05:45 +0200] xx.xx.xx.xx xx.xx.xx.xx Administrator - 8443 POST /ssosp/ws/config/metadata/idp/checkSimilarity HTTP/1.1 200 113 3662
[17/Sep/2014:13:05:47 +0200] xx.xx.xx.xx xx.xx.xx.xx Administrator - 8443 POST /ssosp/ws/config/metadata/idp/checkSimilarity HTTP/1.1 200 113 5473
[17/Sep/2014:13:05:49 +0200] xx.xx.xx.xx xx.xx.xx.xx Administrator - 8443 POST /ssosp/ws/config/metadata/idp/checkSimilarity HTTP/1.1 200 113 7517

Related Community Discussions

Problems with CUCM SAML SSO
Good day. I have some troubles with SAML SSO. I installed certificates, then I configured ADFS and CUCM to use SSO. And firstly all worked fine. I could login to CUCM and to Self-care portal with windows credentials. But there was a notifications at SAML SSO configurations page: " The IdP files for the following servers do not match the file on publisher: vcucmsub01, vcucmsub00. Please enable SSO on the respective server(s), then click on the re-import metadata icon to get the server(s) in sync." ...
Latest activity: Jul 29, 2018
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.