Cisco Bug: CSCtc89566 - Authentication using alternative UPN suffix fails in AD multi-forest
Mar 02, 2018
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: ACS does not support user authentication in AD when a user name is supplied with an alternative UPN suffix configured in multi-forest. Conditions: Steps to reproduce: 1. Configure a trust between two AD domains (oceania.acs.com and amer.acs.com). 2. Configure an alternative UPN suffix in one domain (alternative.com in australia.oceania.acs.com). 3. Create a user with alternative suffix in the domain (firstname.lastname@example.org). 4. Configure ACS to join another domain (rio.brazil.south.amer.acs.com). 5. Perform an authentication with the user given alternative UPN suffix (email@example.com). The authentication will fail.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases