cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

786
Views
3
Helpful
6
Replies
Highlighted
Cisco Employee

ISE 2.2 Single Click Sponsor Approval

Hi Team,

My customer is using the Single Click Sponsor Approval feature in their setup. In his situation where everything works as expected, the Approve/Deny link points to the PSN1. However, in a situation where the PSN1 is down, it should ideally fallback to PSN2 which does not happen in our case. When we hover over the Approve/Deny hyperlink, we still see it pointing to PSN1. Clicking on it takes us to PSN1 as well.

According to the Document - https://communities.cisco.com/docs/DOC-70777, it is mentioned "The URL that is returned in the email to the sponsor is encoded with the Sponsor Portal Test URL of the 1st matched sponsor portal.  The only way to override this is to give the portal an EASY URL (FQDN) set in sponsor portal settings. Example: sponsorportal.domain.com maps to IP address of PSN1, PSN2 in DNS as a CNAME Alias"


However, how can we achieve this if there is no load balancer in place? Would there be a different workaround for this case?

Thanks in advance,

Best regards.

Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

You can use DNS too make sure that more than one psn resolves to the easy URL fqdn

Would rely on a global load balancer or intelligent DNS to resolve to nearest, most available, or simply pingable host.  Also possible to return multiple entries and let client figure it out.

6 REPLIES 6
Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

You can use DNS too make sure that more than one psn resolves to the easy URL fqdn

Would rely on a global load balancer or intelligent DNS to resolve to nearest, most available, or simply pingable host.  Also possible to return multiple entries and let client figure it out.

Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

Thank you for the confirmation Jason. Appreciate the quick response.

Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

Hi Jason,

On the same lines, In the Single Click Approval feature, while clicking on Approve link from the email, is it expected behavior to be redirected to the browser with an IP address instead of the FQDN even though the FQDN is configured on the sponsor portal?

Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

What do you have in the email notification? This needs to have the FQDN there as well.

Do you have well known certs setup with correct names?

Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

Hi Jason,

I have checked all certificates, they are in place.

Hitting the Portal Test URL on the sponsor portal takes us to the URL with the FQDN. We do not see an issue with the FQDN being used anywhere else. However, the Approve Button for some reason on the email notification points to the IP address and not the FQDN.

Cisco Employee

Re: ISE 2.2 Single Click Sponsor Approval

Please update the notification message to include the FQDN

Its listed in the doc https://communities.cisco.com/docs/DOC-70777