Cisco Bug: CSCvu44238 - X509 SSH authentication incorrect UPN value selected for the AAA server.

Last Modified

Jun 04, 2020

Products (1)

  • Cisco 4000 Series Integrated Services Routers

Known Affected Releases

16.12.2 16.9.3 16.9.4 16.9.5 17.2.1r

Description (partial)

Symptom:
The device fails to select the User Principal Name (UPN) from the certificate for AAA authorization:

CRYPTO_PKI: Populate AAA auth data
CRYPTO_PKI: found UPN as value data test.aaa.com 
CRYPTO_PKI: found UPN as value data `X!,A0m!hZhlrHC!`Wz 
CRYPTO_PKI: Selected AAA username: '`X!,A0m!hZhlrHC!`Wz'

Conditions:
Using the following configuration, which selects the certificate attribute <userprinciplename> for AAA authorization:

crypto pki trustpoint CA
 enrollment terminal
 revocation-check none
 authorization list ISE-Servers
 authorization username alt-subjectname userprinciplename
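
To check collected debug output for the symptom shown above, the following added example (not Cisco code and not part of the bug record) parses the CRYPTO_PKI lines and reports any certificate for which the selected AAA username is not a well-formed UPN while listing the other UPN values that were found. The function name and the PLAUSIBLE_UPN pattern are assumptions made for this illustration.

```python
import re

# Debug lines copied from the Symptom section of this bug record.
SAMPLE_DEBUG = """\
CRYPTO_PKI: Populate AAA auth data
CRYPTO_PKI: found UPN as value data test.aaa.com
CRYPTO_PKI: found UPN as value data `X!,A0m!hZhlrHC!`Wz
CRYPTO_PKI: Selected AAA username: '`X!,A0m!hZhlrHC!`Wz'
"""

FOUND_RE = re.compile(r"CRYPTO_PKI: found UPN as value data (.*?)\s*$")
SELECTED_RE = re.compile(r"CRYPTO_PKI: Selected AAA username: '(.*)'\s*$")
# Assumption: a usable UPN is user@realm or a dotted name such as test.aaa.com.
PLAUSIBLE_UPN = re.compile(r"^[A-Za-z0-9._-]+(@[A-Za-z0-9.-]+)?$")


def audit_upn_selection(debug_text):
    """Return one finding per certificate whose selected AAA username is malformed."""
    findings, candidates = [], []
    for line in debug_text.splitlines():
        if "Populate AAA auth data" in line:
            candidates = []  # start of a new certificate
            continue
        found = FOUND_RE.search(line)
        if found:
            candidates.append(found.group(1))
            continue
        selected = SELECTED_RE.search(line)
        if not selected:
            continue
        username = selected.group(1)
        if not PLAUSIBLE_UPN.match(username):
            findings.append({
                "selected": username,
                "candidates": list(candidates),
                # Well-formed UPN values the device saw but did not select.
                "plausible_alternatives": [
                    c for c in candidates if PLAUSIBLE_UPN.match(c)
                ],
            })
        candidates = []
    return findings


if __name__ == "__main__":
    for finding in audit_upn_selection(SAMPLE_DEBUG):
        print("Malformed AAA username selected:", repr(finding["selected"]))
        print("  well-formed UPN values found:", finding["plausible_alternatives"])
```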