cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

544
Views
4
Helpful
3
Replies
Highlighted
Cisco Employee

Authorization without Authentication

Is it possible to use ISE for authorization without authentication?  My use case centers around using ISE to authorize SSLVPN connections in an SSO configuration, without having to supply credentials for authentication.  In this use case we would validate a user certificate on an ASA, and if it's accepted the ASA would pass the username over to ISE for group membership lookup in AD.  Based on the group memberships that are returned from AD, ISE would send back authorization permissions to the ASA.

Thanks,

Matt

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Authorization without Authentication

Around 06:00 in this labminutes video How to Configure Cisco SSL VPN AnyConnect Client Certificate and Double Authentication (Part 2) shows the key is to continue with authentication failures.

3 REPLIES 3
Cisco Employee

Re: Authorization without Authentication

Cisco Employee

Re: Authorization without Authentication

Thank you!  This was helpful, but do you know if there is a way to pass back a name from the certificate itself, like UPN or CN, and look that up in AD to get group membership(s) to determine which authorization policy to apply?

Cisco Employee

Re: Authorization without Authentication

Around 06:00 in this labminutes video How to Configure Cisco SSL VPN AnyConnect Client Certificate and Double Authentication (Part 2) shows the key is to continue with authentication failures.