cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1998
Views
3
Helpful
6
Replies

ISE 2.2 Single Click Sponsor Approval

prsivada
Cisco Employee
Cisco Employee

Hi Team,

My customer is using the Single Click Sponsor Approval feature in their setup. In his situation where everything works as expected, the Approve/Deny link points to the PSN1. However, in a situation where the PSN1 is down, it should ideally fallback to PSN2 which does not happen in our case. When we hover over the Approve/Deny hyperlink, we still see it pointing to PSN1. Clicking on it takes us to PSN1 as well.

According to the Document - https://communities.cisco.com/docs/DOC-70777, it is mentioned "The URL that is returned in the email to the sponsor is encoded with the Sponsor Portal Test URL of the 1st matched sponsor portal.  The only way to override this is to give the portal an EASY URL (FQDN) set in sponsor portal settings. Example: sponsorportal.domain.com maps to IP address of PSN1, PSN2 in DNS as a CNAME Alias"


However, how can we achieve this if there is no load balancer in place? Would there be a different workaround for this case?

Thanks in advance,

Best regards.

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

You can use DNS too make sure that more than one psn resolves to the easy URL fqdn

Would rely on a global load balancer or intelligent DNS to resolve to nearest, most available, or simply pingable host.  Also possible to return multiple entries and let client figure it out.

View solution in original post

6 Replies 6

Jason Kunst
Cisco Employee
Cisco Employee

You can use DNS too make sure that more than one psn resolves to the easy URL fqdn

Would rely on a global load balancer or intelligent DNS to resolve to nearest, most available, or simply pingable host.  Also possible to return multiple entries and let client figure it out.

Thank you for the confirmation Jason. Appreciate the quick response.

Hi Jason,

On the same lines, In the Single Click Approval feature, while clicking on Approve link from the email, is it expected behavior to be redirected to the browser with an IP address instead of the FQDN even though the FQDN is configured on the sponsor portal?

What do you have in the email notification? This needs to have the FQDN there as well.

Do you have well known certs setup with correct names?

Hi Jason,

I have checked all certificates, they are in place.

Hitting the Portal Test URL on the sponsor portal takes us to the URL with the FQDN. We do not see an issue with the FQDN being used anywhere else. However, the Approve Button for some reason on the email notification points to the IP address and not the FQDN.

Please update the notification message to include the FQDN

Its listed in the doc https://communities.cisco.com/docs/DOC-70777