Guest

Preview Tool

Cisco Bug: CSCtc89566 - Authentication using alternative UPN suffix fails in AD multi-forest

Last Modified

Mar 02, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.1(0.38)

Description (partial)

Symptom:
ACS does not support user authentication in AD when a user name is supplied with an alternative UPN suffix configured in multi-forest.

Conditions:
Steps to reproduce:
1. Configure a trust between two AD domains (oceania.acs.com and amer.acs.com).
2. Configure an alternative UPN suffix in one domain (alternative.com in australia.oceania.acs.com).
3. Create a user with alternative suffix in the domain (upn-test@alternative.com).
4. Configure ACS to join another domain (rio.brazil.south.amer.acs.com).
5. Perform an authentication with the user given alternative UPN suffix (upn-test@alternative.com). The authentication will fail.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.