Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
199
Views
1
Helpful
1
Replies

ISE 3.2 - Emoji numbers in BYOD AD login

millerd11
Level 1
Level 1

‎02-20-2025 09:48 AM

Good afternoon all,

I have a strange issue here.   We have user access control to our BYOD and Guest networks using Active Directory LDAP authentication to a login portal (Central Web Auth on our ISE servers).

Our BYOD users include students who have student IDs as their login.   So a student will have a 6 digit username like "123456" for example.   What we discovered recently is that some students have been using Emoji symbols for the numbers and AD authentication will still parse it like the original ascii numbers, but ISE will store their login information with the Emoji symbols.

is being parsed as "domain\123456" in the AD authentication, but then ISE device registration stores that as the emoji.   This messes up our firewall policies as it looks at our ISE registration for assigning Internet access rights with employees and administrators with broader access than a student has.

1 Reply 1

Arne Bier
VIP
VIP

‎02-20-2025 01:37 PM

Trust those students to find loopholes. I doubt there is much this Community can do about the input validation of the BYOD web portal. It appears that every app (e.g. Microsoft Office, Chrome, Firefox, etc) has their own arcane method of entering Unicode characters - perhaps the ISE developers can filter the input better and allow only alphanumeric ranges (or whatever is legal in AD). I would raise a TAC case for this.

0 Helpful
Customers Also Viewed These Support Documents