- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2017 01:10 PM
I've read that ISE REST API uses TLS (https) over port 9060 with basic authentication. Is there any additional encryption being done for the username and/or password other than sending the data thru the TLS tunnel? e.g. password encrypted with public key of ISE server or some hash?
Thanks
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2017 01:25 PM
According to the Cisco Identity Services Engine API Reference Guide, Release 2.x, the authentication credentials ARE encrypted and not just sent through the tunnel.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2017 01:26 PM
No. It’s no different than logging into your bank’s web site.
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2017 08:01 AM
I read that as well. It says they are encrypted but does not give details on HOW it is encrypted. That is a big deal for customers with IA audits. They need to know if it's a one way hash, uses a shared encryption key, uses the servers public asymmetrical key or just passed inside an encrypted TLS connection i.e. not encrypted. I could not find any docs internally that clarifies those details. And someone else is now saying it is not encrypted.
Thanks
