Configure Cisco Jabber
Cisco Jabber is a suite of Unified Communications applications that allow seamless interaction with your contacts from anywhere. Cisco Jabber offers IM, presence, audio and video calling, voicemail, and conferencing.
The applications in the Cisco Jabber family of products are:
-
Cisco Jabber for Windows
-
Cisco Jabber for Mac
-
Cisco Jabber for iPhone and iPad
-
Cisco Jabber for Android
-
Cisco Jabber Softphone for VDI
For more information about the Cisco Jabber suite of products, see https://www.cisco.com/go/jabber or https://www.cisco.com/c/en/us/products/unified-communications/jabber-softphone-for-vdi/index.html .
For detailed information about how to configure your system to work with Cisco Jabber, see the Cisco Jabber Deployment and Installation Guide at http://www.cisco.com/c/en/us/support/unified-communications/jabber-windows/products-installation-guides-list.html.
OAuth Refresh Logins for Cisco Jabber
Cisco Jabber clients, as of Jabber Release 11.9, can use OAuth Refresh Logins to authenticate with Cisco Unified Communications Manager and the IM and Presence Service. This feature improves the user experience for Cisco Jabber by providing the following benefits:
-
After an initial login, provides seamless access to resources over the life of the refresh token.
-
Removes the need for Cisco Jabber clients to re-authenticate frequently.
-
Provides consistent login behavior in SSO and non-SSO environments.
With OAuth Refresh Logins, Cisco Unified Communications Manager issues clusterwide access tokens and refresh tokens that use the OAuth standard. Cisco Unified Communications Manager and IM and Presence Service use the short-lived access tokens to authenticate Jabber (the default lifespan for an access token is 60 minutes). The longer-lived refresh tokens provide Jabber with new access tokens as the old access tokens expire. So long as the refresh token is valid the Jabber client can obtain new access tokens dynamically without the user having to re-enter credentials (the default refresh token lifespan is 60 days).
All access tokens are encrypted, signed, and self-contained using the JWT format (RFC7519). Refresh tokens are signed, but are not encrypted.
Note |
OAuth authentication is also supported by Cisco Expressway and Cisco Unified Connection. Make sure to check with those products for compatible versions. Refer to Cisco Jabber documentation for details on Jabber behavior if you are running incompatible versions. |
Authentication Process
When a Cisco Jabber client authenticates, or when a refresh token is sent, Cisco Unified Communications Manager checks the following conditions, each of which must be met for authentication to succeed.
-
Verifies the signature.
-
Decrypts and verifies the token.
-
Verifies that the user is an active user. For example, an LDAP-synced user whom is subsequently removed from the external LDAP directory, will remain in the database, but will appear as an inactive user in the User Status of End User Configuration.
-
Verifies that the user has access to resources, as provided by their role, access control group, and user rank configuration.
Note |
For backward compatibility, older Jabber clients and supporting applications such as the Cisco Unified Real-Time Monitoring Tool can authenticate using the implicit grant flow model, which is enabled by default. |