Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
2
Replies

How much load do rewrites put on ISE and where?

jojared
Cisco Employee
Cisco Employee

‎09-03-2018 04:06 AM

If you have to do an Identity Rewrite for every user what kind of impact does that have for sizing? We have an issue with the Subject Alternative Name (SubjectAltName) extension in the certificate does not contains the user principal name (UPN) of the user. Looking at a 50,000 user deployment.

0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎09-03-2018 04:43 AM

Does the certificate Subject contain the UPN?

Failing that, do either the Subject or the Subject Alternative Name contain a value that is natively found in the identity store (I assume you're looking them up in AD?).  I have seen ISE search the user's Email attribute and match on that (authentication successful) instead of the UPN.  I never really figured out how this ISE logic works, and perhaps it was its ambiguity resolution (because user existed in multiple domains). 

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎09-03-2018 10:35 AM

No known issue in using AD rewrite rules so should be negligible.

0 Helpful
Customers Also Viewed These Support Documents