Cisco Bug: CSCvu44238 - X509 SSH authentication incorrect UPN value selected for the AAA server.

Last Modified

Jun 04, 2020

Products (1)

  • Cisco 4000 Series Integrated Services Routers

Known Affected Releases

16.12.2 16.9.3 16.9.4 16.9.5 17.2.1r

Description (partial)

The device fails to select the user principal name (UPN) from the certificate for AAA authorization.

CRYPTO_PKI: Populate AAA auth data
CRYPTO_PKI: found UPN as value data 
CRYPTO_PKI: found UPN as value data `X!,A0m!hZhlrHC!`Wz 
CRYPTO_PKI: Selected AAA username: '`X!,A0m!hZhlrHC!`Wz'

This occurs when using the following configuration, which selects the certificate attribute <userprinciplename> for AAA authorization:

crypto pki trustpoint CA
 enrollment terminal
 revocation-check none
 authorization list ISE-Servers
 authorization username alt-subjectname userprinciplename
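
A check for the symptom shown in the debug output above, as an added example that is not part of the Cisco bug record: it scans collected CRYPTO_PKI debug lines and flags any selected AAA username that is not shaped like a UPN. The user@domain pattern and the function names are assumptions, and the last sample line is constructed.

```python
import re

# Debug line that reports the username handed to the AAA server.
SELECTED_RE = re.compile(r"CRYPTO_PKI: Selected AAA username: '(.*)'\s*$")

# Assumption: a well-formed UPN has the shape user@domain.tld.
UPN_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def classify(username):
    """Return a reason string if the username is suspicious, else None."""
    if not username:
        return "empty username"
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in username):
        return "non-printable bytes"
    if "@" not in username:
        return "no '@' separator"
    if not UPN_RE.match(username):
        return "not in user@domain form"
    return None


def check_selected_usernames(log_text):
    """Return (line_number, username, reason) for each suspicious selection."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = SELECTED_RE.search(line)
        if not match:
            continue
        username = match.group(1)
        reason = classify(username)
        if reason:
            findings.append((line_no, username, reason))
    return findings


# First four lines are the debug output from the bug description;
# the fifth is a constructed line showing a healthy selection.
SAMPLE_LOG = "\n".join([
    "CRYPTO_PKI: Populate AAA auth data",
    "CRYPTO_PKI: found UPN as value data ",
    "CRYPTO_PKI: found UPN as value data `X!,A0m!hZhlrHC!`Wz",
    "CRYPTO_PKI: Selected AAA username: '`X!,A0m!hZhlrHC!`Wz'",
    "CRYPTO_PKI: Selected AAA username: 'alice@example.com'",
])

if __name__ == "__main__":
    for line_no, username, reason in check_selected_usernames(SAMPLE_LOG):
        print(f"line {line_no}: {username!r} -> {reason}")
```
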