Cisco Bug: CSCvv57830 - Group lookup failed as empty value to be appended to the context
Oct 11, 2020
- Cisco Identity Services Engine
Known Affected Releases
2.2(0.917) 2.4(0.913) 2.6(0.904) 2.7(0.901)
Symptom: --- Authorize-Only Radius requests will not trigger AD Group Lookup, as a result Authorization Policy with AD Group as a condition will not match, this happens only if user is not found in 1st AD Joint Point. Conditions: --- There are 2+ Active Directory Joint Points configured; --- If during Authorize-Only lookup user is not found in 1st Joint Point (Active Directory Group lookups will not be done in subsequent Joint Points, see example of detailed authentication report). --- ISE release has a fix CSCvr83696, which caused this regression --- Detailed Authentication reports shows Querid PIP for External Group for 2nd JP, but you don’t see message of ?User's Groups retrieval from Active Directory succeeded?
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases