Guest

Preview Tool

Cisco Bug: CSCvs34509 - ISE doesn't load all attributes for authentication after start of services

Last Modified

Apr 13, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.357)

Description (partial)

Symptom:
Once services of ISE are started (after restart), ISE is unable to process some session specific attributes (in this case PostureStatus) and may fail to authenticate legitimate users. This is seen ~1minute after services are started.

For example, if authorization condition in rule is:

Session:PostureStatus EQUAL Unknown

This condition is not matched and ISE starts to process rule below. This may cause users matching rules with zero access or limited access.

Conditions:
restart of ISE services
condition PostureStatus used in authorization policy
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.