Cisco Bug: CSCvv85632 - ASA rewriter fails when using clientless to Cisco ISE

Last Modified

Sep 25, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.13

Description (partial)

Symptom:
When Cisco ISE is reached through a Clientless VPN bookmark on the Cisco ASA, the user is unable to log in to Cisco ISE.

ISE presents the login page. The user enters login credentials and is then redirected back to the login page with no error or failure message.

Conditions:
Clientless VPN, with Cisco ISE set up as a bookmark within the ASA clientless VPN portal.

The user attempts to log in to the ISE portal and is returned to the ISE login page with no "failed credential" or error message.

To verify you are hitting this defect:

Set up a clientless bookmark to ISE.
From the CLI, run:
nconroystandalone/admin# show logging application ise-psc.log tail

Attempt to authenticate to ISE.

Cisco ISE will log the following in ise-psc.log:

2020-09-23 12:41:27,417 ERROR  [admin-http-pool218][] cisco.cpm.common.logging.CSRFGuardLogger -:admin:::- potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:172.18.124.109, method:POST, uri:/admin/ActiveDirectoryPrInputAction.do, error:required token is missing from the request)
2020-09-23 12:41:27,417 ERROR  [admin-http-pool222][] cisco.cpm.common.logging.CSRFGuardLogger -:admin:::- potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:172.18.124.109, method:POST, uri:/admin/postUpgradeActions.do, error:required token is missing from the request)
2020-09-23 12:41:27,517 INFO   [admin-http-pool224][] cisco.cpm.admin.xss.XssChecker -::::- In  - XssChecker-hasXssContent - true set in checkForAdditionalXssChecks true
2020-09-23 12:41:27,522 INFO   [admin-http-pool221][] admin.restui.features.dashboard.DashboardUIAPI -::::
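
The verification step above can be scripted against saved output of the show logging command. The following is an added example, not Cisco code: it rejoins hard-wrapped ise-psc.log records and extracts the CSRFGuardLogger "required token is missing" entries. The function names are hypothetical, and the sample reuses entries from the excerpt on this page with constructed line wrapping.

```python
import re
from collections import Counter

# Sample input: entries from this page's log excerpt; the hard wrapping is constructed.
SAMPLE = """\
2020-09-23 12:41:27,417 ERROR  [admin-http-pool218][] cisco.cpm.common.logging.CSRFGuardLogger -:admin:::-
 potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:172.18.124.109, method:
POST, uri:/admin/ActiveDirectoryPrInputAction.do, error:required token is missing from the request)
2020-09-23 12:41:27,417 ERROR  [admin-http-pool222][] cisco.cpm.common.logging.CSRFGuardLogger -:admin:::-
 potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:172.18.124.109, method:
POST, uri:/admin/postUpgradeActions.do, error:required token is missing from the request)
2020-09-23 12:41:27,517 INFO   [admin-http-pool224][] cisco.cpm.admin.xss.XssChecker -::::- In  - XssCheck
er-hasXssContent - true set in checkForAdditionalXssChecks true
"""

# A new record begins with "YYYY-MM-DD HH:MM:SS,mmm LEVEL "; anything else is a wrapped tail.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} +[A-Z]+ ")
CSRF_EVENT = re.compile(
    r"^(?P<ts>\S+ \S+) +ERROR +\[(?P<thread>[^\]]*)\].*CSRFGuardLogger.*"
    r"\(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), method:(?P<method>[^,]*), "
    r"uri:(?P<uri>[^,]*), error:(?P<error>.*)\)\s*$"
)

def unwrap_records(text):
    """Rejoin terminal-wrapped lines into one string per log record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # the wrap split the record mid-text, so join with no separator
    return records

def csrf_token_failures(text):
    """Return one dict per CSRFGuard entry rejected for a missing token."""
    events = []
    for record in unwrap_records(text):
        m = CSRF_EVENT.match(record)
        if m and "required token is missing" in m["error"]:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count rejected requests per (client ip, method, uri)."""
    return Counter((e["ip"], e["method"], e["uri"]) for e in events)

if __name__ == "__main__":
    for (ip, method, uri), n in summarize(csrf_token_failures(SAMPLE)).items():
        print(f"{n}x {method} {uri} from {ip}: CSRF token missing")
```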