Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
812
Views
0
Helpful
2
Replies

Update of custom attribute is not taken nor sync'ed immediately

Go to solution
binhphule
Level 1
Level 1

‎12-22-2017 11:29 AM

Greetings,

I am creating an endpoint custom attribute together with few authorization profiles that will be applied upon each value assigned to the custom attribute.  It's been verified that the solution works and corresponding authorization profile as been applied accordingly when the endpoint is reauthenticated.

However, occasionally I notice that although the custom attribute has been set, the updated value of that attribute is not  always being picked up during the re-authentication process. Sometime I had to delay 5 seconds after updating the value of the attribute before triggering the reauth, sometime even 20-25 seconds to make it worked.

The custom attribute is updated by issuing a PUT operation via "/ers/config/endpoint" API and session reauth is done via "/admin/API/mnt/CoA/Reauth", and I'm using ISE release 2.1. I'm suspecting when setting the custom variable, the value is not immediately being updated at the same place where the authentication would look at to decide which authorization profile(s) being applied.  Is there anyway to set or get the value of  the attributes similar to how the authentication process does to ensure that the value has been updated?


Thanks a lot in advance,

Binh

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎12-22-2017 12:05 PM

System must replicate data so once updated at Primary PAN via ERS, the information is propagated to the PSNs where policy takes place.  Replication should occur within seconds.  30 seconds seems a bit long, but that could be due to other factors.  There have also been a number of fixes on profile replication in recent ISE 2.x patches.

Craig

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Craig Hyps
Level 10
Level 10

‎12-22-2017 12:05 PM

System must replicate data so once updated at Primary PAN via ERS, the information is propagated to the PSNs where policy takes place.  Replication should occur within seconds.  30 seconds seems a bit long, but that could be due to other factors.  There have also been a number of fixes on profile replication in recent ISE 2.x patches.

Craig

0 Helpful

Go to solution
binhphule
Level 1
Level 1
In response to Craig Hyps

‎12-28-2017 05:29 PM

Thanks a lot Craig. I realized that we didn't have our system patched which could be the issue. I will do that and update the community if I found further issue on this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents