
ISE Guest Portal and Azure SSO

Xeladona
Level 1

Hi Guys,

I have configured a guest portal integrated with Azure SSO.

I followed this link:

https://community.cisco.com/t5/security-documents/ise-byod-flow-using-azure-ad/ta-p/4400675

If I test from the portal test it looks like it is working fine, but if I try from a PC I'm redirected to the Azure login page and after a successful login I'm redirected to the ISE page:

https://ISE/8443/portal/SSOLoginResponse.action and I get an HTML page (I have two ISE...)

 

 

<HTML>
<HEAD>

<TITLE>Access rights validated</TITLE>
</HEAD>
<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST" ACTION="https://ISE:8443/portal/SSOLoginResponse.action">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse" VALUE="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">
<INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="_c8793b77-c18c-487a-a71b-5c025fd5a81e_DELIMITERportalId_EQUALSc8793b77-c18c-487a-a71b-5c025fd5a81e_SEMIportalSessionId_EQUALS004e2c20-ff3a-404b-bc25-74f426ffae6e_SEMItoken_EQUALSLRORZT2ZEP6LCQ4ZJK7KFNZR4U9NMU8I_SEMIradiusSessionId_EQUALS5B69FA0A00000C760C6E45A6_SEMI_DELIMITERcp-ise.int.xxx.it">
<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLRequest data"/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>

 

Any tips to solve this issue?
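For anyone debugging the same symptom, here is an added example (not from the thread and not Cisco code) that reads a saved copy of an auto-submit page like the one above and reports the form's POST target, the SAML Response's Destination and status, and the fields packed into RelayState. The hostnames and values are constructed, and treating the last RelayState segment as an ISE node name is an assumption based on the layout of the posted value.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

class AutoPostForm(HTMLParser):
    """Collect the form ACTION and its named input fields."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
    def handle_starttag(self, tag, attrs):  # tag/attribute names arrive lowercased
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def decode_relay_state(relay):
    """Split RelayState on the _DELIMITER/_SEMI/_EQUALS tokens seen in the post."""
    parts = relay.split("_DELIMITER")
    if len(parts) != 3:
        raise ValueError("unexpected RelayState layout")
    pairs = [p.split("_EQUALS", 1) for p in parts[1].split("_SEMI") if "_EQUALS" in p]
    return dict(pairs), parts[2]  # assumption: last segment names an ISE node

def inspect_sso_form(html):
    form = AutoPostForm()
    form.feed(html)
    # Offline look at your own capture: no signature check, XML parser not hardened.
    root = ET.fromstring(base64.b64decode(form.fields["SAMLResponse"]))
    status = root.find(f"{SAMLP}Status/{SAMLP}StatusCode").get("Value")
    fields, relay_host = decode_relay_state(form.fields["RelayState"])
    return {"post_target": form.action, "destination": root.get("Destination"),
            "status": status.rsplit(":", 1)[-1],
            "relay_fields": fields, "relay_host": relay_host,
            "target_is_relay_host": urlsplit(form.action).hostname == relay_host}

# Constructed sample (not the poster's data): two hypothetical nodes, ise-a and ise-b.
_XML = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'Destination="https://ise-a.example.test:8443/portal/SSOLoginResponse.action">'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
        '</samlp:Status></samlp:Response>')
SAMPLE_FORM = ('<FORM METHOD="POST" ACTION="https://ise-a.example.test:8443/portal/SSOLoginResponse.action">'
               '<INPUT TYPE="HIDDEN" NAME="SAMLResponse" VALUE="%s">'
               '<INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="_p1_DELIMITERportalId_EQUALSp1'
               '_SEMIportalSessionId_EQUALSs1_SEMI_DELIMITERise-b.example.test"></FORM>'
               ) % base64.b64encode(_XML.encode()).decode()
```

Calling `inspect_sso_form(SAMPLE_FORM)` on the constructed sample shows a successful response addressed to ise-a while the RelayState's last segment says ise-b, which is the kind of difference worth including in a TAC case.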

6 Replies

marce1000
VIP

 

 - What's your ISE version?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

ISE 3.0 patch 2

It looks like the browser does not send the SSO response to ISE

Because the body of the HTML code I posted looks to be the Azure response the browser should send to ISE

 

The client browser does not send any response to ISE. The communication happens between ISE and AzureAD via SAML/OAuth. There is not enough information here to provide much meaningful help. It's possible the session is stuck in a redirect loop, but we would need much more information about your setup (ISE architecture diagrams, flow diagrams for what you're trying to achieve, screenshots of your policies, debug logs, packet captures, etc.).

If it gets to the point of examining packet captures and debug logs, you might be better off opening a TAC case to investigate.

Hi Greg,

First of all, thank you for your kind reply.

I do not completely agree when you say "The communication happens between ISE and AzureAD via SAML/OAuth" (the browser should relay the assertion from Azure to ISE), but probably you are right (Azure works in a different way).

Probably TAC could help us

Again, many many thx

Regards

Xeladona
Level 1

Hi Guys,

TAC confirmed it is a bug: CSCvy81435

Soon I'm going to patch ISE (new release released today) and will let you know about this issue

Bye

rayarcilla
Level 1

@Xeladona Hello, good day. Just want to check if the issue was indeed resolved? We are also planning to do Azure SAML SSO for BYOD users. Have you encountered any other issues so far since you deployed it 3 yrs ago?