Guest

Preview Tool

Cisco Bug: CSCvv57830 - Group lookup failed as empty value to be appended to the context

Last Modified

Oct 11, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.2(0.917) 2.4(0.913) 2.6(0.904) 2.7(0.901)

Description (partial)

Symptom:
--- Authorize-Only Radius requests will not trigger AD Group Lookup, as a result Authorization Policy with AD Group as a condition will not match, this happens only if user is not found in 1st AD Joint Point.

Conditions:
--- There are 2+ Active Directory Joint Points configured;
--- If during Authorize-Only lookup user is not found in 1st Joint Point (Active Directory Group lookups will not be done in subsequent Joint Points, see example of detailed authentication report).
--- ISE release has a fix CSCvr83696, which caused this regression
--- Detailed Authentication reports shows Querid PIP for External Group for 2nd JP, but you don’t see message of ?User's Groups retrieval from Active Directory succeeded?
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.