WebEx Connect ADFS 2.0 SSO iPhone ClientWebEx Connect ADFS 2.0 SSO iPhone Clienthttp://developer.cisco.com/c/message_boards/find_thread?p_l_id=&threadId=60952912013-06-18T22:05:48Z2013-06-18T22:05:48ZRE: WebEx Connect ADFS 2.0 SSO iPhone ClientDaniel Sepphttp://developer.cisco.com/c/message_boards/find_message?p_l_id=&messageId=62017812012-07-30T20:49:49Z2012-07-30T20:49:49ZI don't think it has to be a domain controller, we are a small company though without much Windows infrastructure so as you say it was not an option for our deployment. I know that it does have to be running Windows Server 2008 or 2008 R2. We mitigate security issues by using another Windows server to act as the ADFS proxy. That server only exposes HTTPS port 443, and only for the purposes of relaying the token exchange with the ADFS server. So far it's working well for us.
Best of luck with your deployment. Daniel Sepp2012-07-30T20:49:49ZRE: WebEx Connect ADFS 2.0 SSO iPhone ClientDaniel Ferianzzi Andriolohttp://developer.cisco.com/c/message_boards/find_message?p_l_id=&messageId=62000332012-07-30T20:33:22Z2012-07-30T20:33:22ZDaniel,
Thanks for your informations.
I´ve one doubt about the ADFS server:
1- The Federation Server MUST be a Domain Controller or it wasn´t an option for your deployment?
We are concearned about promoting the Federation Server to Domain Controller because the IIS security issues...
About your problem with Cisco Tech Supp, I´m seeing the same problem. Apparently the Cisco and Webex Support teams are different teams and it´s very difficult to get problem solved when we need support from both.
If we find something, we let you know.
Thanks again!
Rgds,
DanielDaniel Ferianzzi Andriolo2012-07-30T20:33:22ZRE: WebEx Connect ADFS 2.0 SSO iPhone ClientDaniel Sepphttp://developer.cisco.com/c/message_boards/find_message?p_l_id=&messageId=62017072012-07-30T20:21:52Z2012-07-30T20:21:52ZThe server that runs ADFS 2.0 in our environment is also a domain controller. We did purchase an EV SSL certificate from Verisign that matches the DNS name of the ADFS server. I would think that it would also work with a self-signed certificate but that was not an option for us.
We also use MS Exchange Online with SSO via ADFS 2.0, I followed the instructions in that Enterprise Deployment guide to set up our SSO environment initially. You might find some useful information in that guide regarding getting your ADFS environment to work.
Cisco tech support has not been very helpful thus far on my iPhone issue, the techs keep sending me articles from their knowledge base that I read through the same day I wrote my original post. Apparently there is a button in the app to generate & send an error report, but you have to be logged in to see the button, and since the application doesn't complete the federated authentication and load the rest of the interface, I can't get to it. Very frustrating.
Daniel Sepp2012-07-30T20:21:52ZRE: WebEx Connect ADFS 2.0 SSO iPhone ClientDaniel Ferianzzi Andriolohttp://developer.cisco.com/c/message_boards/find_message?p_l_id=&messageId=61999792012-07-30T19:57:49Z2012-07-30T19:57:49ZHi Daniel,
Unfortunately I cant help you with the issue about the JabberIM on the iPhone.
We are trying to get the Webex Connect/Site working using SSO Feature + ADFS following the "Kingsley Lewis Guide", but did not succedded.
Let me ask you something:
1- Did you created another host to run exclusively the Federation Service or you have installed the ADFS on the ActiveDirectory host?
I´m asking that because we can see the login attempts, but apparently the login process does not tries to authenticate on AD database, it tries to authenticate locally on the Federation Host.
2- When trying to authenticate externally from your corporate network, you needed to create an DNS entry to point to your Federation Server, correct? Did you needed a valid X.509 certificate (CA Signed) or you worked with the Self-Signed Certificates?
Any help would be appreciated.
If i find something about your issue, I´ll let you know.
Thanks!
DanielDaniel Ferianzzi Andriolo2012-07-30T19:57:49ZWebEx Connect ADFS 2.0 SSO iPhone ClientDaniel Sepphttp://developer.cisco.com/c/message_boards/find_message?p_l_id=&messageId=60952902012-07-13T23:12:57Z2012-07-13T23:12:57ZMostly following the guide posted by Kinsgley Lewis, I have set up WebEx Connect for our company using Active Directory SSO via ADFS 2.0. We also have an ADFS proxy server on the network perimeter to proxy requests to the internal ADFS server. The WebEx Connect client for Windows works fine, as does the Cisco Jabber client for Mac, and the web client. That's probably enough for most, but we'd like to have the iPhone app working as well and that's where I first ran into issues I'm hoping someone can help with.
The Jabber IM client recognizes that we have a SSO setup and takes us to our ADFS login page, but after a successful login, the page is just blank. If I hit back on the iPhone and then sign-in again, I get a page of text saying something to the effect of SSO Success, and what appears to be the token, but once again no page loads. Anyone with a similar setup gotten the iPhone client working correctly and might know of some things to check out?Daniel Sepp2012-07-13T23:12:57Z