Cisco Bug: CSCvt40395 - enhancement: Gray out options on SAML SSO CUCM page based on Tomcat Certificates Uploaded

Last Modified

Apr 03, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

12.5(0.98333.207)

Description (partial)

Symptom:
Under System > SAML Single Sign-On, the CUCM GUI gives 2 options:

a. SSO Mode (further with 2 sub-options)
  • Cluster wide (One metadata file per cluster)
  • Per node (One metadata file per node)

b. Certificate (further with 2 sub-options)
  • Use system generated self-signed certificate
  • Use Tomcat certificate

In some situations customers tend to select incorrect combinations of the above, which leads to a wrong configuration of SSO on CUCM, and they eventually have to redo it.

E.g., in a deployment where the cluster has individual CA-signed Tomcat certificates (not Multi-SAN) for each node, when they select the combination Cluster wide (One metadata file per cluster) / Use system generated self-signed certificate, the SSO configuration still goes through, but the combination is essentially wrong.

I propose that the Certificate and SSO mode options are only enabled (or grayed out) based on the Tomcat certificate uploaded to the CUCM cluster so that the Customer can only select the right options.

Conditions:
When enabling SAML SSO from CUCM for the cluster.