Cisco Bug: CSCvu68727 - ISE 2.6 p5 ERS API res for req with user with insufficient access is HTTP 401 with HTML body
Jun 19, 2020
- Cisco Identity Services Engine
Known Affected Releases
Symptom: Example incorrect response for request with user ersuser who is not allowed to do POST: === Request: curl --location --request POST 'https://IP:9060/ers/config/networkdevicegroup' \ --header 'Accept: application/xml' \ --header 'Authorization: Basic yyy' Response: Status: 401 Unathorized (not expected) Body: (not expected HTML output) <!doctype html .. <html lang="en" .. ... </html .. Conditions: Any ERS API call with correct credentials for user with insufficient privileges.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases