Single Sign-On Configuration
•Configuring the Single Sign-On Application
The single sign-on (SSO) feature allows end users to log into Windows, then use the following Cisco Unified Presence applications without signing on again:
•Cisco Unified Presence User Options
•Cisco Unified Presence Administration
•Real-Time Monitoring Tool (RTMT) Administration
•Cisco Unified Operating System Administration
•Cisco UP Client Profile Agent (Cisco Jabber) - This option is only available in Cisco Unified Presence Release 8.6(5) and later and is only applicable to customers using Common Access Card (CAC) sign-on.
Configuring the Single Sign-On Application
To configure SSO, select Cisco Unified OS Administration > Security > Single Sign On.
This application is split into three components:
A warning message displays indicating that the change in SSO settings causes Tomcat restart.
The following error messages may display when enabling the SSO application:
•Invalid Open Access Manager (OpenAM) server URL—This error message displays when you give an invalid OpenAM server URL.
•Invalid profile credentials—This error message displays when you give a wrong profile name or wrong profile password or both.
•Security trust error—This error message displays when the OpenAM certificate has not been imported.
•If you get any of the above error messages while enabling SSO, then the status changes to the above error.
The server settings are editable only when SSO is disabled for all applications.
You can enable or disable SSO on any of the following applications:
•Cisco Unified Presence Administration - Enables SSO for Cisco Unified Presence Administration, Cisco Unified Serviceability, and Cisco Unified Reporting
•Cisco Unified Presence User Options - Enables SSO for End User Options
•Cisco Unified Operating System Administration - Enables SSO for Cisco Unified Operating System Administration and Disaster Recovery System
•RTMT - Enables the web application for the Real-Time Monitoring Tool
•Cisco UP Client Profile Agent - This option is only available in Cisco Unified Presence Release 8.6(5) and later and is only applicable to customers using Common Access Card (CAC) sign-on.
Use the following procedure:
Step 1 Enter the following URL of the Open Access Manager (OpenAM) server:
Step 2 Enter the relative path where the policy agent should be deployed. The relative path must be alphanumeric.
Step 3 Enter the name of the profile that is configured for this policy agent.
Step 4 Enter the password of the profile name.
Step 5 Enter the login Module instance name that is configured for Windows Desktop SSO.
Step 6 Select Save.
Step 7 In the Confirmation dialog box, click OK to restart Tomcat.
What To Do Next
Enable the SSO feature on the Cisco Unified Presence server by entering the utils sso enable command on the Command Line Interface. For more information, see the Command Line Interface Reference Guide for Cisco Unified Presence.