09-03-2018 04:06 AM
If you have to do an Identity Rewrite for every user what kind of impact does that have for sizing? We have an issue with the Subject Alternative Name (SubjectAltName) extension in the certificate does not contains the user principal name (UPN) of the user. Looking at a 50,000 user deployment.
09-03-2018 04:43 AM
Does the certificate Subject contain the UPN?
Failing that, do either the Subject or the Subject Alternative Name contain a value that is natively found in the identity store (I assume you're looking them up in AD?). I have seen ISE search the user's Email attribute and match on that (authentication successful) instead of the UPN. I never really figured out how this ISE logic works, and perhaps it was its ambiguity resolution (because user existed in multiple domains).
09-03-2018 10:35 AM
No known issue in using AD rewrite rules so should be negligible.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide