Note |
The following
information is for TAPI developers.
|
With Cisco
Unified Communications Manager Release 10.5(1), the Cisco TSP client is
enhanced to support authentication using Single Sign-On (SSO).
Using Single
Sign-On provides the following advantages:
-
Simplifies
access
-
Centralizes
Credential Management
-
Eliminates
password resets
-
Is Secure
-
Integrates
with Multivendor Identity Provider (IdP)
The Cisco TSP
client can be configured to use either a static password, as in previous
releases, or to use Single Sign-On.
If the Cisco TSP
client is configured to use an Application Account or a local User account,
configure the password in the client.
If the Cisco TSP
client is configured to use an LDAP Synchronized User Account and Single
Sign-On is enabled for the Cisco Unified Communications Manager cluster, choose
Single Sign-On.
When Single
Sign-On is selected and the TAPI application is opened, the Cisco TSP client
automatically attempts to acquire the OAuth token needed to access CTI Manager.
For a first-time login and when the token expires, a browser window appears
asking the user to provide Single Sign-On credentials.
UI
Enhancements for Cisco TSP-Installer
TSP Notifier is
now a required component and is installed automatically during a fresh
installation or upgrade regardless of SSO settings. For each desired TSP
Instance, the CiscoTSP Installer UI is enhanced to allow the user to select
either Single Sign-On or Username/Password as the authentication type during a
fresh installation.
The default
authentication type for a fresh installation is Single Sign-On.
You can select
Use the
following Credentials to change the authentication type to
Username/Password from SSO.
If you want to
change the authentication type after installation is complete, access the Cisco
TSP Configuration-User Tab UI and select the authentication type you want to
use.
During an upgrade
of an older Cisco TSP client to a new Cisco TSP client, the authentication type
of the end user is retained from the previous configuration of the CiscoTSP
client that is being upgraded.
If you choose to
add a fresh TSP instance during the upgrade, the newly added TSP instance is
completely configurable and you can select the authentication type as either
SSO or Username\Password.
Silent
Installation
The new parameter
AUTH is
added to the existing Silent Install Command line, to specify Authentication
type during installation.
Examples
Customer
information:
- USER ID = bob
- PASSWORD = cisco123
CTI-Manager
configuration:
- CTIManager1= 1.1.1.1
(ipv4) , 1:1:1:1:1:1 (ipv6), cti-dev-94.cisco.com (hostname)
- CTI1_TYPE = Ipv4 , Ipv6 ,
Host
Authentication Type: User
Credentials
Silent install
for end user : bob with Authentication Type : User Credentials , Primary
CTIManager IP address : 1.1.1.1 and IP addressing mode : IPV4
- Command Line for a 32-bit
machine :
CiscoTSP.exe
/s /v"/qn AUTH=0 PASS=cisco123 USER=bob CTI1= CTIManager address
CTI1_TYPE=IPV4"
- Command Line for a 64-bit
machine :
CiscoTSPx64.exe /s /v"/qn AUTH=0 PASS=cisco123 USER=bob
CTI1=1.1.1.1 CTI1_TYPE=IPV4"
Silent install
for end user : bob with Authentication Type : User Credentials , Primary
CTIManager IP address : 1:1:1:1:1:1 and IP addressing mode : IPV6
- Command Line for a 32-bit
machine :
CiscoTSP.exe
/s /v"/qn AUTH=0 PASS=cisco123 USER=bob CTI1= CTIManager address
CTI1_TYPE=IPV6"
- Command Line for a 64-bit
machine :CiscoTSPx64.exe
/s /v"/qn AUTH=0 PASS=cisco123 USER=bob CTI1=1.1.1.1 CTI1_TYPE=IPV6"
Authentication Type: Single
Sign On
Silent install
for end user : bob with Authentication Type : Single Sign On, Primary
CTIManager IP address : 1.1.1.1 and IP addressing mode : IPV4
- Command Line for a 32-bit
machine :
CiscoTSP.exe
/s /v"/qn AUTH=1 CTI1=1.1.1.1 CTI1_TYPE=IPV4"
- Command Line for a 64-bit
machine :
CiscoTSPx64.exe /s /v"/qn AUTH=1 CTI1=1.1.1.1
CTI1_TYPE=IPV4"
Silent install
for end user : bob with Authentication Type : Single Sign On, Primary
CTIManager IP address: 1:1:1:1:1:1 and IP addressing mode : IPV6
- Command Line for a 32-bit
machine :
CiscoTSP.exe
/s /v"/qn AUTH=1 CTI1=1.1.1.1.1.1 CTI1_TYPE=IPV6"
- Command Line for a 64-bit
machine :
CiscoTSPx64.exe /s /v"/qn AUTH=1 CTI1=1.1.1.1.1.1
CTI1_TYPE=IPV6"
Silent install
for end user : bob with Authentication Type : Single Sign On , Primary
CTIManager IP address : cti-dev-94.cisco.com and IP addressing mode : Hostname
- Command Line for a 32-bit
machine :
CiscoTSP.exe
/s /v"/qn AUTH=1 CTI1=cti-dev-94.cisco.com CTI1_TYPE=HOST"
- Command Line for a 64-bit
machine :
CiscoTSPx64.exe /s /v"/qn AUTH=1 CTI1=cti-dev-94.cisco.com
CTI1_TYPE=HOST"
For more
information about Silent Installation, see
"Silent
Installation of Cisco Unified CM TSP" in the
TAPI
Developer Guide.
Limitations
Authentication
using a Single Sign-On is not supported when multiple instances of TSP are
configured.
Users must log out
of the operating system when they switch accounts (for example, Microsoft
switch user feature is not supported).
Interface
Changes
The following
messages can appear in the tool tip box of CiscoTSPNotifier when failures
occur:
- Unified CM TSP SSO OAUTH
Authentication failed – Token Unauthorized
- Unified CM TSP SSO OAUTH
Authentication failed – Invalid Token
- Unified CM TSP SSO OAUTH
failed – Server is not Reachable
- Unified CM TSP SSO OAUTH
Fetch failed – SSO is Disabled on Server
- Unified CM TSP SSO OAUTH
Fetch failed – OAUTH Invalid message
- Unified CM TSP SSO OAUTH
Fetch failed – Receive TimeOut
- Unified CM TSP SSO OAUTH
Fetch failed – SSO Status
- Unified CM TSP SSO OAUTH
Fetch failed – SSO Token