11-28-2017 01:10 PM
I've read that ISE REST API uses TLS (https) over port 9060 with basic authentication. Is there any additional encryption being done for the username and/or password other than sending the data thru the TLS tunnel? e.g. password encrypted with public key of ISE server or some hash?
Thanks
Solved! Go to Solution.
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.
11-28-2017 01:26 PM
No. It’s no different than logging into your bank’s web site.
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
11-29-2017 08:01 AM
I read that as well. It says they are encrypted but does not give details on HOW it is encrypted. That is a big deal for customers with IA audits. They need to know if it's a one way hash, uses a shared encryption key, uses the servers public asymmetrical key or just passed inside an encrypted TLS connection i.e. not encrypted. I could not find any docs internally that clarifies those details. And someone else is now saying it is not encrypted.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide