Add domain suffix to login requests from a specific resource.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 06:54 AM
We're running ISE 3.0 and we have a requirement to add the domain suffix to usernames when authenticating to a specific resource (RADIUS). The resource will be VMware Horizon servers and we'd like for the users to be able to input JUST their username and then we will append the domain suffix when authenticating it against AD. We don't want this to be global, only when authenticating to the Horizon servers. Any suggestions on how to do this or if it's even possible? I found the rewrite rules under the AD integration but that's global it would seem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 01:28 PM
Are those users members of the same domain that ISE is joined to?
Have you tried having those users authenticate w/o the full domain using just their username, I suspect that it may work.
You could also have users put the @ sign (or other character) at the end of their username, and then create a rewrite rule based on [IDENTITY]@ that rewrites it as [IDENTITY].[DOMAIN] or whatever structure you need, requiring only an additional character from the user, but applying the rewrite to fulfill your needs.
HTH and please mark the solution you find.
