Blogs

Showing 1 - 20 of 21 results.
Items per Page 20
of 2
First Previous Last

Forums

« Back to Cisco Webdialer Questions

PIN authentication

Combination View Flat View Tree View
Threads [ Previous | Next ]
PIN authentication
web dialer pin authentication call start
Answer
4/3/09 9:27 PM
I am looking for a simple method to setup a phone call from computer (I mean start a call from IPPhone by an application).
It is possible to place a call by pushing CiscoIpPhoneExecute XML to a phone, but needed are: UserID, Password or PIN and device IP address.
WebDialer allows to place a call without knowing of phone's IP address, but the authentication requires Password and using PIN is impossible.
My goal is to store user's PIN on a computer instead of his password (which would be his Active Directory password) and avoid retyping IP address everytime the app is started.
Is there any simple workaround to reach my goal?
Why WebDialer (to be strict - makeSoapCall) doesn't allow to authenticate by PIN?
Flag

RE: PIN authentication
Answer
4/3/09 9:54 PM as a reply to piotr wozniak.
The SOAP make call request does require the user's password (and not pin) by design.  Have you investigated the webdialer proxy user functionality?  Using this you would be able to either make the call without user input via the proxy user, or validate the user pin via your app (using AXL doAuthenticateUser request) then place the call on their behalf using the proxy user.
Flag

RE: PIN authentication
Answer
4/19/10 3:10 PM as a reply to David Staudt.
But you mean making requests to WebDialer application - actually I don't understand how to use this proxy.
My question targets WebDialer SOAP API - especially makeCallSoap function.
I guess your suggested solution is to write Web application that will get some param identifying the calling client. And that web application will have permissions to make call from any phone. Right?
 
Can you explain how this authentication is implemented? Was it impossible to add authenticate by PIN functionality???
Flag

RE: PIN authentication
Answer
4/19/10 3:11 PM as a reply to piotr wozniak.
can anybody answer to this subject?
Flag

RE: PIN authentication
Answer
4/21/10 12:59 PM as a reply to piotr wozniak.
Hi,
 
CUCM provides WedDailer Soap service and is located at the URL
[url=https://<CUCM-IP-address>/webdialer/services/WebdialerSoapService70]https://<CUCM-IP-address>/webdialer/services/WebdialerSoapService70 
 
We can invoke web services using socket programming.  Authentication is implemeted by passing the credentials in the SOAP request.
 
For further information refer  page no. 73 for socket programming and  page no. 288  for soap request format. in
7.1(2)_Cisco_Unified_Communications_Manager_XML_Developer_Guide.pdf
 
Flag

RE: PIN authentication
Answer
4/27/10 6:58 PM as a reply to Huthesha K.
The question is about Web Dialer PIN authentication.
 
I read through the documentation http://cisco.biz/en/US/docs/voice_ip_comm/cucm/devguide/7_1_2/wd.html and found nothing helpful.
Flag

RE: PIN authentication
Answer
4/27/10 10:18 PM as a reply to piotr wozniak.
WebDialer allows <makeCallSoap> to use a 'master' set of credentials to make calls 'on behalf of' end user phones.  To do this, create a new UCM application user, with group 'Standard EM Authentication Proxy Rights', and use this user as the credentials in <makeCallSoap>
 
In this way your app can make calls on behalf of users without requiring any authentication from them, if you wish.  If you still need to validate their UCM PIN, you can use the AXL SOAP API <doAuthenticateUser> to do so, before making the <makingCallSoap> request.
Flag

RE: PIN authentication
Answer
4/28/10 12:36 PM as a reply to David Staudt.
David,
your proposal seems to me not as secure, as I need it.
 
Let me describe the application - I want to make a desktop client that will be able to setup a call from user's phone without need to type the number on the phone. The preferred way is to avoid setting up any additional services. I also want to avoid password authentication (or just let the user choose authentication method - by password or pin) because I want to store credentials on user's machine. Storing user's domain password on the computer is not a good way in case of security.
 
I know that I can set up some additional service that will have access to all phones giving it abbility to setup a call for any user. So my desktop client could then send user/pin to that service which will make a call on behalf that user.
 
But I want to restrain to the basic services - no additional systems etc.
I don't want to use doAuthenticateUser, because access to it needs some credentials which should be stored on client's machine to be used by this desktop client.
 
I find creating additional application user with group 'Standard EM Authentication Proxy Rights' insecure, because this user credentials should be stored on client's machine and can be somehow extracted and used to setup a call on behalf of any user by anybody.
 
So, why WebDialer (to be strict - makeSoapCall) doesn't allow to
authenticate by PIN?
Flag

RE: PIN authentication
Answer
4/28/10 9:39 PM as a reply to piotr wozniak.
Not sure why WebDialer does not accept the PIN, though I believe this is consistent with other UCM APIs - AXL, CTI, etc.  Can't think of any UCM app or API that accepts PIN, other than Extension Mobility, where it was implemented due to limited input capability at the phone.  One rationalization would be that the password is more secure than the PIN, and since Webdialer use case is on the PC, where the user has access to a keyboard, password was used.
 
I have numerous applications on my desktop that have saved my AD password - for example IM client, email client, etc. - so I don't think it's unreasonable for an app to store it if it's properly encrypted.  However security policies vary, and I do see where it could be helpful to have a security level above 'none' (use a global proxy user) and below 'best' (require AD password.)
 
 
 
 
 
 
 
 
 
 
Flag

Collateral


No files available