Hi,
we have EAP TLS session resume enabled and want to do binary certificate comparison for AD clients. This leads to clients with invalid certificates being denied at first but being admitted because Certificate Check is skipped on EAP session resume. It seems as if the Client Ticket is sent and accepted later on even if the first Authentication was unsuccessful.
And even when we disabled EAP TLS session resume we got the same behaviour - clients fail first and are being admitted on second attempt with ISE saying TLS session was successfully resumed and skipping certificate check.
Does this mean that EAP TLS session resume is incompatible with binary comparison or can this be seen as a bug - meaning we need a TAC case?