Cisco Bug: CSCun74285 - ISE safe mode does not bypass admin portal certificate authentication

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.899) 1.2(0.906)

Description (partial)

When the ISE admin portal is configured for user certificate authentication, a certificate misconfiguration can lock administrators out of the admin portal. The "application start ise safe" feature can be used to mitigate these situations. The expected behavior is that ISE bypasses certificate authentication and defaults to local admin credentials. This bypass capability does not appear to be working in ISE 1.2 through ISE 1.2 patch 6. When running in safe mode, attempting to access the ISE admin portal results in the following error:

"Authentication Error:  Certificate Based Authentication is Enabled, Client does not have a certificate."

Observed in ISE 1.2 and 1.2 patch 6

Related Community Discussions

ISE Web UI client certificate issue
I recently switched the authentication type from password based to client certificate based. I set up the Certificate Authentication Profile, Identity Source and imported the Active Directory groups I was attempting to use. Once I restarted the application, I can no longer access the web UI. When I attempt to access the web UI I'm prompted for my certificate, which I supply, and then I get an authentication failure message. I was reading online and someone suggested using the CLI and issuing the following ...
Latest activity: Apr 14, 2014