Cisco Cisco Expressway
Unable to configure IM&P servers for remote access
'Failed: <address> is not a IM and Presence Server'
This error can occur when trying to configure the IM&P servers used for remote access (via
Configuration >
Unified Communications > IM and Presence servers
).
It is due to missing CA certificates on the IM&P servers and applies to systems running 9.1.1. More
information and the recommended solution is described in
information and the recommended solution is described in
Invalid SAML assertions
If clients fail to authenticate via SSO, one potential reason is that invalid assertions from the IDP are being
rejected by the Expressway-C.
rejected by the Expressway-C.
Check the logs for "Invalid SAML Response".
One example is when ADFS does not have a claim rule to send the users' IDs to the Expressway-C. In this
case you will see "No uid Attribute in Assertion from IdP" in the log.
case you will see "No uid Attribute in Assertion from IdP" in the log.
The Expressway is expecting the user ID to be asserted by a claim from ADFS that has the identity in an
attribute called uid. You need to go into ADFS and set up a claim rule, on each relying party trust, to send
the users' AD email addresses (or sAMAccountNames, depending on your deployment) as "uid" to each
relying party.
attribute called uid. You need to go into ADFS and set up a claim rule, on each relying party trust, to send
the users' AD email addresses (or sAMAccountNames, depending on your deployment) as "uid" to each
relying party.
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.6)
Page 53 of 55
Appendix 1: Troubleshooting