Guest

Preview Tool

Cisco Bug: CSCum91020 - DOC - ACS Dynamic Attribute Mapping with NDG Needs to be Documented

Last Modified

Mar 01, 2017

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.4(0.1)

Description (partial)

Symptom:
Documentation needs to be published on CCO to detail the proper formatting for the configuration of ACS string identity attributes when used with Dynamic Attribute Mapping.

Conditions:
- ACS 5.x
- Dynamic attribute mapping is used in AuthZ rule to dynamically identify whether rule is matched based on identity string attribute defined within username configuration

Example:
1. Create an internal user identity string attribute
2. Create a NDG location group
3. Associate device with NDG location group
4. Create an internal user account using the identity string attribute from step 1 to match a particular NDG:location
5. Bind this all together in an AuthZ rule to allow the policy to be matched dynamically if the identity string attribute configured in the username matches the NDG:Location of the device user is authenticating from
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.