Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1529
Views
0
Helpful
5
Replies

ACS 5.2 not matching authorization policies

Go to solution
lpavon0312
Level 1
Level 1

‎01-23-2016 12:15 PM - edited ‎03-10-2019 11:25 PM

I have a fairly simple lab environment with ACS 5.2, where I have 2 identity groups and 2 device types, where I want users in one identity group to be able to authenticate only on devices in the corresponding device type. I have my policies in place but the ACS is not matching any of them and goes to the default policy instead. Even going to the default policy, I set the action to DenyAccess, and yet it still allows access. Has anyone had something similar? 

Labels:
Preview file
208 KB
Preview file
273 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎01-23-2016 01:23 PM

If you're using Chrome as a browser to manage your ACS then here is a defect that matches your scenario. Lot of customer come across this issue last year. However in the latest codes of ACS this defect has been fixed.

CSCuo93378    Certain browsers cause ACS database corruption

Use supported browser and check whether all policies and its rules and conditions are displayed correctly and resubmit all of them. Restart ACS services to get the latest changes into effect. After that test again and it should work fine for you.

Let me know if you have any questions.

~ Jatin

~Jatin

View solution in original post

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to lpavon0312

‎01-23-2016 05:55 PM

Awesome !!

For your second question ... Click on identity > select rule based result selection > click on customization (right bottom corner) > move the attribute on the right hand side you want to use in your condition ( device type for example) > click OK > Create a rule as per your requirement.

~ Jatin

~Jatin

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎01-23-2016 01:23 PM

If you're using Chrome as a browser to manage your ACS then here is a defect that matches your scenario. Lot of customer come across this issue last year. However in the latest codes of ACS this defect has been fixed.

CSCuo93378    Certain browsers cause ACS database corruption

Use supported browser and check whether all policies and its rules and conditions are displayed correctly and resubmit all of them. Restart ACS services to get the latest changes into effect. After that test again and it should work fine for you.

Let me know if you have any questions.

~ Jatin

~Jatin
0 Helpful

Go to solution
lpavon0312
Level 1
Level 1
In response to Jatin Katyal

‎01-23-2016 03:02 PM

Thank you so much Jatin, you were right that was it. I just restarted de ACS server and it worked right up. Now, how do I reference an external identity source in one of this policies? For instance I want the users from active directory only authenticating with one device type? 

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to lpavon0312

‎01-23-2016 05:55 PM

Awesome !!

For your second question ... Click on identity > select rule based result selection > click on customization (right bottom corner) > move the attribute on the right hand side you want to use in your condition ( device type for example) > click OK > Create a rule as per your requirement.

~ Jatin

~Jatin
0 Helpful

Go to solution
akarashov
Level 1
Level 1
In response to Jatin Katyal

‎06-16-2016 06:58 PM

Hi! I have CSCuo93378 problem to, but after restarting ACS services in supported browsers all policies, conditions still not displaying. And in Access Plicies > Default Device Admin > Group Mapping > rule based result selection > customization (right bottom corner) > can't see any attribute and can't create any rule (and can't see old rules). Is any other ways to solve this problem? 

Preview file
146 KB
Preview file
134 KB
Preview file
139 KB
0 Helpful

Go to solution
poongarg
Cisco Employee
Cisco Employee
In response to akarashov

‎06-20-2016 12:24 AM

Hi,

Please check the browser version as well. Kindly check the release notes for the particular ACS version. For ACS 5.2, below are the supported browsers:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/release/notes/acs_52_rn.html

Regards,

Poonam Garg

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents