Preview Tool

Cisco Bug: CSCtc89566 - Authentication using alternative UPN suffix fails in AD multi-forest

Last Modified

Mar 02, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases


Description (partial)

ACS does not support user authentication in AD when a user name is supplied with an alternative UPN suffix configured in multi-forest.

Steps to reproduce:
1. Configure a trust between two AD domains ( and
2. Configure an alternative UPN suffix in one domain ( in
3. Create a user with alternative suffix in the domain (
4. Configure ACS to join another domain (
5. Perform an authentication with the user given alternative UPN suffix ( The authentication will fail.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.