Skip to main content
Version: 5.13

Voice

Enable CORS on Finesse Server

info

For Salesforce hosted deployments (Finesse 11.6(1) ES4 or newer)

CORS is disabled by default in Finesse from version 12.0. Please enable it in order to load the Gadget correctly on a Salesforce hosted deployment.

To enable CORS on Finesse servers use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Gadget URL which applies to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the Gadget URL to the whitelist and enable CORS (CCE and CCX):

    utils finesse cors allowed_origin add <Gadget URL>
    utils finesse cors enable

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

info

In order to disable CORS, execute utils finesse cors disable and restart the services.

Enable Content Security Policy on Finesse Server

info

Finesse 11.6(1) ES10 or newer, Finesse 12.0(1) ES4 or newer, Finesse 12.5(1) ES3 (CCE) ES2 (CCX) or newer

Content Security Policy (CSP) is a standardized set of security directives that can inform the browser of the policies to be used to help mitigate various forms of attacks. The CSP frame-ancestor policy defines the allowable locations from where the Finesse desktop can be accessed as embedded HTML content, which can help prevent click-jacking attacks.

Finesse 12.0(1) ES4 or newer, Finesse 12.5(1) ES3 (CCE) ES2 (CCX)

To enable Frame Access on Finesse server use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Lightning, Classic and Gadget URLs which apply to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the URLs to the whitelist (CCE and CCX):

    utils finesse frame_access_whitelist add <Lightning URL>
    utils finesse frame_access_whitelist add <Classic URL>
    utils finesse frame_access_whitelist add <Gadget URL>

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

Finesse 12.5(1) ES4 or newer

To enable Frame Access on Finesse server use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Lightning, Classic and Gadget URLs which apply to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the URLs to the whitelist (CCE and CCX):

    utils finesse frame_access_allowed_list add <Lightning URL>
    utils finesse frame_access_allowed_list add <Classic URL>
    utils finesse frame_access_allowed_list add <Gadget URL>

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

Finesse 11.6(1) ES10 or newer

To allow Finesse resources to be loaded inside any Iframe you need to use following procedure:

  1. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)

  2. Execute the following command on the CLI:

    utils finesse xframe enable_all
    utils service restart Cisco Finesse Tomcat

  3. Repeat steps 1 and 2 on every Finesse server

Whitelist Gadget URL on Reverse Proxy for VPN-less Finesse

Compose Gadget URL

  1. Check chapter Compose Domains for CORS and CSP Configuration and compose the Gadget URL according to your deployment.
  2. Remove "https://" prefix
  3. Store modified URL for later use

Add Gadget URL to reverse proxy

Add the retrieved URL from previous step to the list of whitelisted domains. At the time of publication, that domains list was found inside the file server_filters, as part of the valid_referers setting.

For details about reverse proxy configuration/installation, please refer to Cisco's official documentation:

Compose Domains for CORS and CSP Configuration

CORS and CSP directives are bound to specific domains configured on the Finesse CLI. The domains required to be whitelisted for the b+s Connects for Salesforce package highly depend on your My Domain settings inside your Salesforce org.

There are always three different domains which need to be whitelisted:

  • Domain for Salesforce Lightning top frame URL (Classic URL)
  • Domain for Salesforce Classic Console top frame URL (Lightning URL)
  • Domain for the softphone frame URL (Gadget URL)

Under b+s Configuration | Global | Finesse you can find the Urls list, otherwise you can compose them as specified below.

CORS_CPS_VPN-less

The properties of the Salesforce org which affect the domains are:

  • My Domain name of the org
  • Whether or not the org is a sandbox
  • Whether or not Enhanced Domains are enabled
  • If Enhanced Domains are disabled, whether or not URL Stabilization for Visualforce pages are enabled

You can get the My Domain Name name of your Salesforce org by going to Setup | Company Settings | My Domain.

Here you can find out how to compose these domains for your environment:

important

For CSP URLs, please add the corresponding port at the end of each URL in the format URL:port

For Non Sandbox Orgs

Enhanced Domain Enabled

  • Lightning URL: https://[my-domain].lightning.force.com
  • Classic URL: https://[my-domain].my.salesforce.com
  • Gadget URL: https://[my-domain]--cnx.vf.force.com

Enhanced Domain Disabled and URL Stabilization enabled

  • Lightning URL: https://[my-domain].lightning.force.com
  • Classic URL: https://[my-domain].my.salesforce.com
  • Gadget URL: https://[my-domain]--cnx.visualforce.com

Enhanced Domain Disabled and URL Stabilization disabled

  • Lightning URL: https://[my-domain].lightning.force.com
  • Classic URL: https://[my-domain].my.salesforce.com
  • Gadget URL: https://[my-domain]--cnx.[instance].visual.force.com

For Sandbox Orgs

Enhanced Domain Enabled

  • Lightning URL: https://[my-domain]--[sandbox-name].sandbox.lightning.force.com
  • Classic URL: https://[my-domain]--[sandbox-name].sandbox.my.salesforce.com
  • Gadget URL: https://[my-domain]--[sandbox-name]--cnx.sandbox.vf.force.com

Enhanced Domain Disabled and URL Stabilization enabled

  • Lightning URL: https://[my-domain]--[sandbox-name].lightning.force.com
  • Classic URL: https://[my-domain]--[sandbox-name].my.salesforce.com
  • Gadget URL: https://[my-domain]--[sandbox-name]--cnx.visualforce.com

Enhanced Domain Disabled and URL Stabilization disabled

  • Lightning URL: https://[my-domain]--[sandbox-name].lightning.force.com
  • Classic URL: https://[my-domain]--[sandbox-name].my.salesforce.com
  • Gadget URL: https://[my-domain]--[sandbox-name]--cnx.[instance].visual.force.com

Reason Codes

Use the Cisco Finesse Administration platform to configure Wrap-Up, Logout and Not-Ready-Reasons.

  • https://<Finesse Server A>/cfadmin (CCE deployment)
  • https://<Finesse Server A>:8445/cfadmin (CCX deployment)

Configure Reason Codes

Configure Reason Codes

Enable Team API Access

A new configuration property enableTeamAPIAccessForAllusers is added in Finesse 12.6(1) ES 01 and CCX 12.5(1) SU2 ES03 / SU3 for enabling the Team API access for all agents and supervisors. When you enable this property, all agents and supervisors will be able to access information of all the teams without any restriction.

Note: The property enableTeamAPIAccessForAllusers is not documented in Cisco official UCCX/Finesse documentation. Starting with CCX 12.5(1) SU2 ES03 and CCX 12.5(1) SU3 this property must also be enabled for CCX.

If this property is disabled, only administrator and supervisors can access the Team API. Supervisors can access the information of the teams that they are asigned to and Administrators can access all the teams. By default this property is disabled.

Use the following command to enable this configuration property:

utils finesse set_property webservices enableTeamAPIAccessForAllusers true

On confirmation, restart the CiscoFinesse Tomcat service for the changes to take effect.