cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
926
Views
0
Helpful
5
Replies

Cisco ISE Reports

msporleder
Level 1
Level 1

Hello everyone,

is there any possibility how to create a report in ISE (1.1.4.218 or 1.4.0.253) where I can display the the "Issuer - Common Name" of the client/user-certificate?

Thank you very much in advance!

Regards,
Manuel

-- Regards, Manuel
5 Replies 5

Gagandeep Singh
Cisco Employee
Cisco Employee

Could you please confirm the following :

1) Are you talking about CN to to be check during user authentication in ISE.

2) Looking for where endpoint-user certificate is present in ISE.

Regards

Gagan

Hello Gagan,

sorry for replying so late.


I am talking about the Common Name of the issuer of a client-certificate.
Like: This client-certificate was issued by CA ??? .

Regards
Manuel

-- Regards, Manuel

Yes, ISE has the capability to fetch just the CN of the certificate and take it to AD for checking the user authentication.

Also there is a binary comparison of certificate received from client and match it with certificate present in AD.

Administration > Identity > External identity store > Certificate authentication profile.

Hope it answers you query!!!!

Regards

Gagan

PS : rate if it helps!!!!!

Hello Gagan,

I know that the ISE has all the informations. But I dont see any chance to create a custom report where I can filter for the CN of the client-certificate-issuer.

And this is what I would like to do.

Or to have a column in the live authentications where I can filter for that attribute.

What I did as a workaroung: I created many authorization-rules where I also ask for the attribute "CERTIFICATE:Issuer - Common Name" and then as the result I crated different authorization profiles (basically all with the same attribute details but with different names).

So now I can filter on the name of the authorization profiles...

But from my point of view this is not a good way to handle this.

Especially all the informations are in the systems database, only I can not create a report where I can ask for all attributes I'd like to.

Regards
Manuel

-- Regards, Manuel

Hi Manuel,

I know there is no option in live reports for specific search on CN. However if you open any live authentication for AD authentication. You'll find CN resolved identities in report.

Let me know of any queries on this...

Regards

Gagan

PS : rate if it helps!!!!!