Cisco Cisco Expressway Maintenance Manual
■
German
■
Spanish
■
Japanese
■
Korean
■
Russian
Note:
These localizations apply to the X8.5.1 versions of UI and help.
Important behavior changes
MRA authorizations are now rate controlled by default, to reduce the load of unnecessary authorizations on the
Expressway. Take care when you upgrade because your current endpoint software may be reauthorizing more often
than necessary, which could result in the Expressway issuing HTTP 429 "Too Many Requests". If you routinely see
this error after upgrade, you can edit the rate control settings at Configuration > Unified Communications
> Configuration > Advanced.
Expressway. Take care when you upgrade because your current endpoint software may be reauthorizing more often
than necessary, which could result in the Expressway issuing HTTP 429 "Too Many Requests". If you routinely see
this error after upgrade, you can edit the rate control settings at Configuration > Unified Communications
> Configuration > Advanced.
Software enhancements
■
This release introduces rate control for successful authorisations, via MRA, of users accessing collaboration
services; this feature applies to SSO-authenticated users as well as non-SSO-authenticated users.
services; this feature applies to SSO-authenticated users as well as non-SSO-authenticated users.
■
The Single Sign-On feature introduced in X8.5.1 has been further improved in this release. The status
information concerning user tokens has been improved. You can also purge tokens issued to a user, or to all
users, if necessary. The UI for the SAML export feature has been improved.
information concerning user tokens has been improved. You can also purge tokens issued to a user, or to all
users, if necessary. The UI for the SAML export feature has been improved.
■
The cluster database (CDB) resiliency has been improved.
X8.5.1
SSO over MRA
The Expressway-C now defaults to SHA-256 for signing SSO requests it gives to clients, and you can change it to use
SHA-1 if required. In version X8.5, when the SSO feature was previewed, the Expressway-C defaulted to SHA-1 and
there was no way to select a different algorithm.
SHA-1 if required. In version X8.5, when the SSO feature was previewed, the Expressway-C defaulted to SHA-1 and
there was no way to select a different algorithm.
Note:
If you were using the SSO feature with X8.5, this change may cause it to stop working after upgrade to X8.5.1.
You have two options to resolve this: leave the new default on the Expressway-C, and you may need to reconfigure
the IdP to expect requests to be signed with SHA-256 (recommended for better security); the other option is to revert
the Expressway-C's signing algorithm to SHA-1 for your IdP (go to Configuration > Unified Communications
> Identity Providers (IdP), locate your IdP row, then in Actions column click Configure Digest).
the IdP to expect requests to be signed with SHA-256 (recommended for better security); the other option is to revert
the Expressway-C's signing algorithm to SHA-1 for your IdP (go to Configuration > Unified Communications
> Identity Providers (IdP), locate your IdP row, then in Actions column click Configure Digest).
Jabber 10.6 File Transfer support
The Cisco Jabber file transfer over MRA limitation, which was previously documented in Expressway documents, has
now changed as follows:
now changed as follows:
■
Peer-to-peer file transfer when using IM and Presence Service and Jabber is unsupported via MRA.
■
Managed File Transfer (MFT) with IM and Presence Service 10.5.2 (and later) and Jabber 10.6 (and later)
clients is supported via MRA.
clients is supported via MRA.
■
File transfer with WebEx Messenger Service and Cisco Jabber is supported via MRA.
Jabber 10.6 can be deployed into an infrastructure where users are organized into more than one domain, or into
domains with subdomains. This requires IM and Presence Service 10.0.x (or later).
domains with subdomains. This requires IM and Presence Service 10.0.x (or later).
Limited testing has shown that this feature works via MRA. Hence this feature is in preview with Expressway X8.5.1
and later, pending further testing and full support in a future version of Expressway.
and later, pending further testing and full support in a future version of Expressway.
358
Cisco Expressway Administrator Guide