Application User instead of End User?

Version 1
    This document was generated from CDN thread

    Created by: ERIC CORNWELL on 11-11-2009 05:02:14 PM
    Hello,

    I'm in the process of trying to get the IP Phone SDK Screenshot tool to work.  Is it possible to use an Application User for authentication instead of an End User?  We're LDAP integrated so I don't want to create another user if I don't have to.
     
    Edit: We're on CUCM 7.0.2.
     
    Thanks!

    Subject: RE: Application User instead of End User?
    Replied by: David Staudt on 11-11-2009 06:13:00 PM
    An application user should work fine.

    Subject: RE: Application User instead of End User?
    Replied by: ERIC CORNWELL on 11-11-2009 06:34:07 PM
    I was doing the test that many suggested on here using
     
    http://[IPADDR CCM]/ccmcip/authenticate.jsp?UserID=&Password=&devicename=SEP001122334455
     
    with the username and password of my application user.  I kept getting a reponse of UN-AUTHORIZED.   I was hoping that I wouldn't have to add every phone as well but it doens't look like I can get around that requirement.

    Subject: RE: Application User instead of End User?
    Replied by: David Staudt on 11-11-2009 07:37:13 PM
    Yes, the app user still has to be associated to the phones it is allowed to control.
     
    If you need universal authorization (all phones, all the time), there is a technique you may want to look into, as follows:
     
    - In the UCM Enterprise parameters, configure the phone Authentication URL to a custom URL, hosted on a web server you control
    - Your webserver will accept the incoming phone authentication requests (from every phone, all the time)
    - You can then implement whatever authentication scheme you desire.  Most simply this can be checking the credentials against a set in a config file.
    - The web server can then do one of the following:
      - return AUTHORIZED (say, if the credentials match with your 'universal user' set)
      - return UN-AUTHORIZED (if you are performing some kind of real back-end authentication check, which fails)
      - Return an HTTP redirect, pointing back to the built-in UCM authenticaion URL (typical, as this allows regular UCM user authentication to then act as backup)

    Subject: RE: Application User instead of End User?
    Replied by: ERIC CORNWELL on 12-11-2009 05:32:40 PM
    Yes, the app user still has to be associated to the phones it is allowed to control.

     
    Interesting... I tried the normal CUCM authorization link and it always returned UN-AUTHORIZED for the app user even though I had the phone registered to the account.