09-22-2021 01:38 AM - edited 09-28-2021 01:38 PM
Hi Guys,
I have configured a guest portal integrated with Azure SSO.
I followed this link:
https://community.cisco.com/t5/security-documents/ise-byod-flow-using-azure-ad/ta-p/4400675
If I test from the portal test it looks like it is working fine, but if I try from a PC I'm redirected to the Azure login page, and after successful login I'm redirected to the ISE page:
https://ISE/8443/portal/SSOLoginResponse.action and I get an HTML page (I have two ISE...)
<HTML>
<HEAD>
<TITLE>Access rights validated</TITLE>
</HEAD>
<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST" ACTION="https://ISE:8443/portal/SSOLoginResponse.action">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse" VALUE="[base64-encoded SAML response removed]">
<INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="_c8793b77-c18c-487a-a71b-5c025fd5a81e_DELIMITERportalId_EQUALSc8793b77-c18c-487a-a71b-5c025fd5a81e_SEMIportalSessionId_EQUALS004e2c20-ff3a-404b-bc25-74f426ffae6e_SEMItoken_EQUALSLRORZT2ZEP6LCQ4ZJK7KFNZR4U9NMU8I_SEMIradiusSessionId_EQUALS5B69FA0A00000C760C6E45A6_SEMI_DELIMITERcp-ise.int.xxx.it">
<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLRequest data"/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>
Any tips to solve this issue?
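
An added example, not part of the original post: a local triage helper for an auto-submit page like the one above, which decodes the SAMLResponse field and compares its Destination, Recipient, InResponseTo and Conditions window against the form. The host names, the sample response and the names `PostForm`, `sample_page` and `triage` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime
from html.parser import HTMLParser

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS = "https://ise.example.test:8443/portal/SSOLoginResponse.action"  # placeholder host
SAMPLE_XML = (  # constructed, unsigned response used only as sample input
    f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns="{NS["a"]}" Destination="{ACS}" InResponseTo="_r1">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    f'<Assertion><Subject><SubjectConfirmation><SubjectConfirmationData InResponseTo="_r1" Recipient="{ACS}"/>'
    '</SubjectConfirmation></Subject><Conditions NotBefore="2024-01-01T10:00:00.000Z" '
    'NotOnOrAfter="2024-01-01T11:00:00.000Z"/></Assertion></samlp:Response>')

class PostForm(HTMLParser):
    """Collect the FORM action and the named INPUT values of an auto-submit page."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""
def ts(value):  # SAML timestamps end in "Z"; fromisoformat wants an offset
    return datetime.fromisoformat(value.replace("Z", "+00:00"))
def sample_page(action):  # value wrapped over two lines to exercise whitespace handling
    b64 = base64.b64encode(SAMPLE_XML.encode()).decode()
    return (f'<HTML><BODY><FORM METHOD="POST" ACTION="{action}"><INPUT TYPE="HIDDEN" '
            f'NAME="SAMLResponse" VALUE="{b64[:64]}\n{b64[64:]}"></FORM></BODY></HTML>')

def triage(html, now):
    """List mismatches in a posted SAMLResponse. Inspection only: no signature check."""
    form = PostForm()
    form.feed(html)
    xml = base64.b64decode("".join(form.fields["SAMLResponse"].split()))
    root = ET.fromstring(xml)  # parse only responses captured from your own sessions
    scd = root.find(".//a:SubjectConfirmationData", NS)
    cond = root.find(".//a:Conditions", NS)
    status = root.find("p:Status/p:StatusCode", NS).get("Value")
    checks = [
        (status.endswith(":Success"), "status " + status),
        (root.get("Destination") == form.action, "Destination differs from form ACTION"),
        (scd.get("Recipient") == form.action, "Recipient differs from form ACTION"),
        (scd.get("InResponseTo") == root.get("InResponseTo"), "InResponseTo mismatch"),
        (ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")), "outside Conditions validity window"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Pass a timezone-aware `now`; an empty list means the response fields are consistent with the form, which says nothing about whether the service provider will accept the signature.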
09-22-2021 04:48 AM
- What's your ISE version?
M.
09-22-2021 05:00 AM
ISE 3.0 patch 2
It looks like the browser does not send the SSO response to ISE,
because the body of the HTML code I posted looks like the Azure response that the browser should send to ISE.
09-22-2021 03:32 PM
The client browser does not send any response to ISE. The communication happens between ISE and AzureAD via SAML/OAuth. There is not enough information here to provide much meaningful help. It's possible the session is stuck in a redirect loop, but we would need much more information about your setup (ISE architecture diagrams, flow diagrams for what you're trying to achieve, screenshots of your policies, debug logs, packet captures, etc.).
If it gets to the point of examining packet captures and debug logs, you might be better off opening a TAC case to investigate.
09-22-2021 04:11 PM
Hi Greg,
First of all, thank you for your kind reply.
I do not completely agree when you say "The communication happens between ISE and AzureAD via SAML/OAuth" (the browser should relay the assertion from Azure to ISE), but probably you are right (Azure works in a different way).
Probably TAC could help us.
Again, many many thanks.
Regards
09-29-2021 07:01 AM
Hi Guys,
TAC confirmed it is a BUG CSCvy81435
Soon I'm going to patch ISE (new release released today) and will let you know about this issue.
Bye
07-07-2024 11:41 PM
@Xeladona Hello, good day. Just want to check if the issue was indeed resolved? We are also planning to do Azure SAML SSO for BYOD users. Have you encountered any other issues so far since you deployed it 3 yrs ago?