08-01-2012 12:06 PM - edited 03-10-2019 07:22 PM
Hello,
We’re trying to setup our Sponsor Portal to query an Active Directory group for login credientials and having some trouble. Right now we’re receiving the error, “Sponsor authentication has failed : Sponsorgroup not found for user”
Is there a configuration guide available explaining how to configure this?
Any help would be great.
Thanks,
Pete
11-08-2012 04:06 PM
I'm on 1.1.2.145 and still having problems
11-08-2012 10:03 PM
Can you maybe post the different settings (AD profile, identity source profile, sponsor authorization)?
Thanks and regards
Sent from Cisco Technical Support iPhone App
11-13-2012 04:12 PM
attached
11-13-2012 11:27 PM
I think the problem is, that you specify the ISE Identity Groups (SponsorAllAccounts, SponsorGroupAccounts and SponsorOwnAccounts) in the Sponsor Group Policy. Because all the AD users that should have access, are ONLY in the DC1:ExternalGroups, so you should allow ANY as Identity Group and DC1:ExternalGroups ..., see below:
Hope this will help you solve the problem.
Regards
Dominic
11-14-2012 08:38 AM
Thanks for your help Dominic, unfortunatley I'm still getting the same..
The authentication in ISE is showing "Sponsor authentication has failed : Sponsorgroup not found for user" and the error on the sponsor portal is "Invalid sponsor group. Please try again."
Some more screengrabs
11-14-2012 02:34 PM
Very strange. Do you have a special character in the Domain Name or the Identity Store Name?
11-14-2012 02:37 PM
Just a hypen in the Identity Store, the format of the name is ABC-DC1. The domain name is simple; domain.com.
11-14-2012 02:49 PM
Check the additional attribute section in the report and see if the AD group is being retrieved for this user.
Thanks,
Tarik Admani
*Please rate helpful posts*
11-16-2012 01:43 PM
Thanks for your help Tarik, but still no luck.
I might try stripping it all back, and re-added.
I'll report back if I have any progress.
11-20-2012 02:31 PM
I've been able to get it working now, I removed the groups I was originally trying to use - tried a different one that was newly created with the same users added to it - and voila.. it works.
thanks Dominic and Tarik for your help.
11-21-2012 07:26 AM
Hi Evan
thanks for your feedback.
Regards
Dominic
11-16-2012 05:45 AM
OK, then I don't have any more ideas, why the problem occurs. At the moment, I have a lot of other problems / bugs / questions open concerning ISE guest / sponsor portal.
01-24-2013 07:13 AM
I'm having the same issue on 1.1.2.145, when I changed the Identity group to Any it worked.
05-22-2013 03:40 AM
Kindly review the below link:
https://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide