Cisco Employee

Guest username cannot contain comma (doc issue?)

Hi dev team,

The ISE 2.4 administration guide shows that the username doesn't accept "<, >, /, and %" as special characters.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01111.html#concept_1C033A7699A24911ABAC796512681A3B

> The special characters <, >, /, and % cannot be used.

But the ISE GUI doesn't accept a comma. It shows "can not contain <, >, /, %, space or comma"

無題.png

It seems that the admin guide is outdated. Could you check it?

And I found 1 BugID which is related to the Guest username.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm68714/

According to the BugID, the username should contain space (even though the GUI shows space cannot be contained).

So now I'm not sure what characters are really supported on ISE guest.

I'd appreciate it if you could clarify this point and update the admin guide properly.

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)

Thanks for bringing this up.

We will take it to the documentation team!

Thanks,

Nidhi

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)

Hi Nidhi,

Thanks. I look forward to the doc update. Please also tell me if permitting a space in the username is really expected by design.

BTW now I'm facing a similar issue with the username of the network access user. Please also check it.

The guide shows "Do not include space, +, and * characters in the username."

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01110.html#ID113

But the ISE GUI shows more characters (but doesn't introduce space as an unsupported character).

無題.png

This also makes the supported characters unclear. Please tell me the real supported characters for the network access user.

BTW I also found that a user whose name contains a space will not be modified/deleted via the admin GUI.

fail_deleting_space_user.png

I'd like to know if the behavior is either of the following.

1) It's a deleting problem. ISE should handle deleting the "     " user.

2) It's a user creating problem. ISE should deny creating the "     " user.

Thanks for your support.

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)


Hi, utf-8 support for the guest username is also unclear. Could you also clarify?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01.html#ID431

The guide mentions the guest password.

> Cisco ISE does not support guest passwords with UTF-8 characters.

And it also mentions all fields for guest portals.

無題.png

But it doesn't mention the username.

* The above table shows that all fields in the sponsor/guest/my devices portals support utf-8, but there is no username field on the guest/my devices portal. It will be dynamically generated from the first/last name, or statically specified via the ERS API.

Can I assume that the username for the network access user also supports utf-8?

Sorry, the topic became a bit complex. But in summary, now I'd like to know about the following table items.

Could you fill in the table and correct items if something is wrong?

 

| | utf-8 support? | unsupported characters |
|---|---|---|
| guest username | * Unknown | <, >, /, %, space, comma (and more? ex control characters?) * Space is unclear with CSCvm68714 |
| guest password | No | <, >, /, and % (It's enough or more? control characters?) |
| network access user username | Yes | !, %, :, ;, ,, [, {, \|, }, ], \`, ”, =, <, >, ? (space? or more?) |
| network access user password | Yes | control characters (crystal clear!) |

 

Referenced information.

For guest username)

For guest password)

For network access user username)

For network access user password)

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)

Replied to you over email.

Thanks,

Nidhi

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)

From the admin guide -

Network access authentication supports UTF-8 username and password credentials. This includes RADIUS, EAP, RADIUS proxy, RADIUS token, and web authentication from the Guest and Administrative portal login authentications. UTF-8 support for user name and password applies to authentication against the local identity store as well as external identity stores.

 

So the Guest Username supports utf-8.

Regarding the missing character information (space, comma, etc.), the documentation team will gather information from the respective teams and update the document.

Cisco Employee

Re: Guest username cannot contain comma (doc issue?)

Hi Nidhi,

Thanks for the update.

I checked the description, but it was still slightly unclear.

> UTF-8 support for user name and password applies to authentication against the local identity store as well as external identity stores.

The target of "UTF-8 support for user name and password" is not documented.

Do you mean it contains all of network access user, admin user, and guest user?

But if so, the description conflicts with the following statement.

> Cisco ISE does not support guest passwords with UTF-8 characters.

BTW it's not so convenient that each explanation about username/password support is located in a different section.

It would be really appreciated if the guide had this information in 1 section or 1 table.
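
A pre-submission check that a provisioning script could run before creating accounts (for example through the ERS API mentioned in the thread), covering the two problems raised above: the guide and GUI listing different characters, and the whitespace-only user that could not be deleted. This is an added example, not Cisco code and not ISE's actual validation. The function name, the choice to take the union of both character lists, and the treatment of Unicode whitespace and invisible characters are assumptions.

```python
import unicodedata

# Restricted characters as quoted in the thread (ISE 2.4 guide and GUI messages).
# Taking the union of both sources is an assumption made for this example.
RESTRICTED = {
    "guest": set("<>/%") | {" ", ","},
    # Guide: space, +, *. GUI list as typed in the table; ASCII '"' is added
    # on the assumption that the typographic quote there stands for it.
    "network_access": set(" +*") | set("!%:;,[{|}]`=<>?") | {"\u201d", '"'},
}

def check_username(name, kind):
    """Return reasons to reject `name` before submitting it; [] means it passes."""
    restricted = RESTRICTED[kind]
    if name.strip() == "":
        return ["empty-or-whitespace-only"]
    reasons = []
    if name != name.strip():
        reasons.append("leading-or-trailing-whitespace")
    # Treat every Unicode space (e.g. U+3000, U+00A0) like ASCII space.
    if " " in restricted and any(c.isspace() for c in name):
        reasons.append("whitespace")
    listed = sorted(c for c in set(name) if c in restricted and not c.isspace())
    if listed:
        reasons.append("restricted:" + "".join(listed))
    # Cc = control, Cf = invisible format characters (zero-width space etc.).
    hidden = sorted(c for c in set(name)
                    if unicodedata.category(c) in ("Cc", "Cf"))
    if hidden:
        reasons.append("hidden:" + ",".join(f"U+{ord(c):04X}" for c in hidden))
    return reasons

if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    for kind, name in [("guest", "yamada,taro"), ("guest", "山田太郎"),
                       ("guest", "taro\u3000yamada"), ("network_access", "     "),
                       ("network_access", "svc\u200badmin")]:
        print(kind, repr(name), check_username(name, kind))
```
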