Cisco Bug: CSCvu44238 - X509 SSH authentication incorrect UPN value selected for the AAA server.
Jun 04, 2020
- Cisco 4000 Series Integrated Services Routers
Known Affected Releases
16.12.2 16.9.3 16.9.4 16.9.5 17.2.1r
Symptom: The device Fails to select the user principlename from the certificate for aaa authorization CRYPTO_PKI: Populate AAA auth data CRYPTO_PKI: found UPN as value data test.aaa.com CRYPTO_PKI: found UPN as value data `X!,A0m!hZhlrHC!`Wz CRYPTO_PKI: Selected AAA username: '`X!,A0m!hZhlrHC!`Wz' Conditions: using the following configuration for certificate attribute <userprinciplename> for aaa authorization: crypto pki trustpoint CA enrollment terminal revocation-check none authorization list ISE-Servers authorization username alt-subjectname userprinciplename
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases