Cisco Bug: CSCuo05180 - Can't AuthZ Ext. AuthN'd User Using Device Grp Membership Other Cond.

Last Modified

Feb 12, 2018

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.899)

Description (partial)

Symptom:
Can't authorize external identity source or certificate authenticated users using device's identity group as an "other condition" within an authorization policy rule.

Conditions:
Authenticate a user against AD or using a certificate. Then create an authorization rule to match the user's device's group membership. Configure the condition like: "IdentityGroup:Name MATCHES .*Device-Enabled.*" (without the quotes). The rule never matches.

Related Community Discussions

Identity Group as a policy set condition
Hello, A separate Policy Set for Alcatel IP Phones is created in a customer environment. The Alcatel devices are profiled correctly and all MAC addresses are listed in an Endpoint identity Group. The idea is to configure the Policy Set Condition to match the Alcatel Identity group. However, it is not matching, and is matching the Default Policy set. I have tried with other conditions/attributes like Location, NAS IP, etc., and it works. I am trying to figure out the reason why identity group is not matched. I have put the ...
Latest activity: Jan 30, 2018