Cisco Cisco Expressway メンテナンスマニュアル
n
Cisco Jabber 10.6 or later
Supported Unified Communications services
n
Cisco Unified Communications Manager 10.5(2) or later
n
Cisco Unity Connection 10.5(2) or later
n
Cisco Unified Communications Manager IM and Presence Service 10.5(2) or later
n
Other internal web servers, for example intranet
How it works
Cisco Jabber determines whether it is inside the organization's network before it requests a Unified
Communications service. If it is outside the network, then it requests the service from the Expressway-E on
the edge of the network. If single sign-on is enabled at the edge, the Expressway-E redirects Jabber to the
IdP with a request to authenticate the user.
Communications service. If it is outside the network, then it requests the service from the Expressway-E on
the edge of the network. If single sign-on is enabled at the edge, the Expressway-E redirects Jabber to the
IdP with a request to authenticate the user.
The IdP challenges the client to identify itself. When this identity is authenticated, the IdP redirects Jabber's
service request back to the Expressway-E with a signed assertion that the identity is authentic.
service request back to the Expressway-E with a signed assertion that the identity is authentic.
The Expressway-E trusts the IdP, so it passes the request to the appropriate service inside the network. The
Unified Communications service trusts the IdP and the Expressway-E, so it provides the service to the
Jabber client.
Unified Communications service trusts the IdP and the Expressway-E, so it provides the service to the
Jabber client.
Figure 9: Single sign-on for on-premises UC services
Single Sign-On prerequisites
On the Expressway pair:
n
An Expressway-E and an Expressway-C are configured to work together at your network edge.
n
A Unified Communications traversal zone is configured between the Expressway-C and the Expressway-
E.
E.
Cisco Expressway Administrator Guide (X8.5)
Page 73 of 394
Unified Communications
Mobile and remote access