Cisco Expressway Maintenance Manual
X8.5.1
SSO over MRA
The Expressway-C now defaults to SHA-256 for signing SSO requests it gives to clients, and you can change it to use
SHA-1 if required. In version X8.5, when the SSO feature was previewed, the Expressway-C defaulted to SHA-1 and
there was no way to select a different algorithm.
Note:
If you were using the SSO feature with X8.5, this change may cause it to stop working after you upgrade to X8.5.1.
You have two options to resolve this. The first is to leave the new default on the Expressway-C, in which case you
may need to reconfigure the IdP to expect requests to be signed with SHA-256 (recommended for better security).
The other option is to revert the Expressway-C's signing algorithm to SHA-1 for your IdP (go to Configuration >
Unified Communications > Identity Providers (IdP), locate your IdP row, then in the Actions column click
Configure Digest).
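An added example, not taken from the Cisco guide: a check of which hash a captured signed SSO request names, compared with what the IdP is configured to expect, useful when diagnosing the post-upgrade failure described above. It assumes the request is a SAML 2.0 AuthnRequest carrying an embedded XML Signature; the function names and the sample request are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# W3C algorithm URIs mapped to the hash they use.
HASH_OF = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def signing_hashes(request_xml):
    """Return the hashes named in the request's signature, or None if unsigned."""
    # Input is a capture from your own deployment; use defusedxml for untrusted XML.
    signed_info = ET.fromstring(request_xml).find(f".//{DS}SignedInfo")
    if signed_info is None:
        return None
    def name(elem):
        uri = elem.get("Algorithm", "") if elem is not None else ""
        return HASH_OF.get(uri, f"unknown ({uri})")
    return {
        "signature": name(signed_info.find(f"{DS}SignatureMethod")),
        "digest": [name(d) for d in signed_info.iter(f"{DS}DigestMethod")],
    }

def mismatches(request_xml, idp_expects):
    """List every place the request's hash differs from what the IdP expects."""
    found = signing_hashes(request_xml)
    if found is None:
        return ["request is not signed"]
    issues = []
    if found["signature"] != idp_expects:
        issues.append(f"SignatureMethod uses {found['signature']}, IdP expects {idp_expects}")
    issues += [f"DigestMethod uses {d}, IdP expects {idp_expects}"
               for d in found["digest"] if d != idp_expects]
    return issues

# Constructed sample (not a real capture): signed-request skeleton using SHA-1.
SAMPLE_SHA1 = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed">
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_constructed">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference>
 </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    for line in mismatches(SAMPLE_SHA1, "SHA-256"):
        print(line)
```

An empty list from `mismatches` means the request and the IdP agree on the hash; any entry points to the side that still needs reconfiguring.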
Jabber 10.6 File Transfer support
The Cisco Jabber file transfer over MRA limitation, which was previously documented in Expressway documents, has
now changed as follows:
■ Peer-to-peer file transfer when using IM and Presence Service and Jabber is unsupported via MRA.
■ Managed File Transfer (MFT) with IM and Presence Service 10.5.2 (and later) and Jabber 10.6 (and later)
clients is supported via MRA.
■ File transfer with WebEx Messenger Service and Cisco Jabber is supported via MRA.
Jabber 10.6 can be deployed into an infrastructure where users are organized into more than one domain, or into
domains with subdomains. This requires IM and Presence Service 10.0.x (or later).
Limited testing has shown that this feature works via MRA. Hence this feature is in preview with Expressway X8.5.1
and later, pending further testing and full support in a future version of Expressway.
Note:
This feature is distinct from the multiple deployments feature released in X8.5. That feature is limited to one
domain per deployment, where all IM and Presence Service clusters within a deployment serve a single domain. This
feature is different because it concerns MRA support for all IM and Presence Service clusters within a deployment
serving a common set of one or more Presence domains.
Each new domain impacts the Expressway’s performance. We currently recommend that you do not exceed 50
domains.
X8.5
Feature previews
The following features are implemented in this version for the purpose of previewing with dependent systems. They
are not currently supported and should not be relied upon in your production environment. Full support for these
features is planned for a future release of the Expressway software.
(Preview) Single sign-on over MRA
Enables single sign-on (common identity) for SSO-capable clients that are accessing on-premises Unified
Communications services from outside the network.
(Preview) MRA support for new endpoints
Mobile and Remote Access is extended in this release to include support for the Cisco DX Series endpoints, and the
8800 Series and 7800 Series IP phones, registering to Cisco Unified Communications Manager. Some features on the
IP phones, particularly where they rely on DTMF/KPML pass-through, were not available in X8.5. This limitation was
resolved in X8.5.2.
Cisco Expressway Administrator Guide
Reference Material