Cisco Bug: CSCuo49856 - ACS Authorization-only Policy Does not Work With AD Group Condition

Last Modified

Feb 15, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.5(0.1)

Description (partial)

Symptom:
ACS authorization conditions that match AD users to AD groups do not match if the AD authentication fails. The AD authentication must be successful in order for AD group conditions to work in the authorization policy.

Conditions:
- ACS is being used in an authorization-only setup
- Authentication against the Active Directory identity store in ACS fails
- The "Continue" option is configured for the ID store to allow authorization to run for a failed authentication attempt
- The authorization condition is configured to match if the user belongs to a specific AD group