cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1828
Views
15
Helpful
5
Replies

ISE 3.0.0.458 Single Click Approval Not Working

Dan Man
Beginner
Beginner

Good evening!  I've set up our Guest self registration portal.  It works great!  Only two items that are plaguing me right now.  When the user self registers, the sponsor receives the email to Approve or Deny.  The sponsor clicks "Approve", which brings me to the first issues.  It asks the sponsor to authenticate to the sponsor portal.  I did read, and go through the single click approval guide.  I have the correct sponsor portal set up, with the correct identity source sequence.  My AD is registered in ISE, and is a part of the identity source sequence.  The users that are approving are a part of AD.  Within the self registration portal, the sponsor has to approve the guest registration.  Once the sponsor does authenticate, the guest sees the approval go through, on their screen.  At that time the guest has to accept the AUP, before it will let them on.  At that point, they're on, and it redirects them to our company page.  Once the user gets on, I have my second issue;  the sponsor receives a web page that says, "Link is invalid. Please sign on to the sponsor portal to approve/deny guests."; even though the guest has already been approved.  I've read that it could be due to our company logo being added.  I've removed our company logo, but still the same issue is happening.  I've read that in version 2 there is a bug.  I would've assumed that this was fixed going into version 3.  Anyone have any success at correcting these two issue?  Thanks!

5 Replies 5

Dan Man
Beginner
Beginner

No thoughts?  TAC can’t seem to figure this out.  Customer is on the verge of scrapping ISE in favor of ClearPass

Seems like it is a buggy behaviour. I would try to ask TAC to escalate the case.

tellis002
Beginner
Beginner

I know this is going to sound super weird, but I have been working on the same issue, same ISE version as well.  However, it started working and the only thing I changed was getting ISE to email externally.  All I can think of is something in the token with how I was currently utilizing email within ISE was causing an issue.  

 

 

That is interesting! I opened a TAC case, and they were able to reproduce the error in their lab. From what TAC told me, they’re going to create an update to address the issue; but I’m going to try your suggestion.

O nice, very interesting.  Well I will watch out for that update then as well.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers