11-28-2017 01:10 PM
I've read that ISE REST API uses TLS (https) over port 9060 with basic authentication. Is there any additional encryption being done for the username and/or password other than sending the data thru the TLS tunnel? e.g. password encrypted with public key of ISE server or some hash?
Thanks
Solved! Go to Solution.
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.
11-28-2017 01:26 PM
No. It’s no different than logging into your bank’s web site.
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
11-29-2017 08:01 AM
I read that as well. It says they are encrypted but does not give details on HOW it is encrypted. That is a big deal for customers with IA audits. They need to know if it's a one way hash, uses a shared encryption key, uses the servers public asymmetrical key or just passed inside an encrypted TLS connection i.e. not encrypted. I could not find any docs internally that clarifies those details. And someone else is now saying it is not encrypted.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: