09-22-2021 01:38 AM - edited 09-28-2021 01:38 PM
Hi Guys,
I have configured a guest portal integrated with Azure SSO.
I followed this link:
https://community.cisco.com/t5/security-documents/ise-byod-flow-using-azure-ad/ta-p/4400675
If I test from the portal test, it looks like it is working fine, but if I try from a PC I'm redirected to the Azure login page, and after a successful login I'm redirected to the ISE page:
https://ISE/8443/portal/SSOLoginResponse.action and I get an HTML page (I have two ISE...)
<HTML>
<HEAD>
<TITLE>Access rights validated</TITLE>
</HEAD>
<BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST" ACTION="https://ISE:8443/portal/SSOLoginResponse.action">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse" VALUE="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">
<INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="_c8793b77-c18c-487a-a71b-5c025fd5a81e_DELIMITERportalId_EQUALSc8793b77-c18c-487a-a71b-5c025fd5a81e_SEMIportalSessionId_EQUALS004e2c20-ff3a-404b-bc25-74f426ffae6e_SEMItoken_EQUALSLRORZT2ZEP6LCQ4ZJK7KFNZR4U9NMU8I_SEMIradiusSessionId_EQUALS5B69FA0A00000C760C6E45A6_SEMI_DELIMITERcp-ise.int.xxx.it">
<NOSCRIPT><CENTER>
<INPUT TYPE="SUBMIT" VALUE="Submit SAMLRequest data"/></CENTER></NOSCRIPT>
</FORM></BODY></HTML>
Any tips to solve this issue?
09-22-2021 04:48 AM
- What's your ISE version?
M.
09-22-2021 05:00 AM
ISE 3.0 patch 2
It looks like the browser does not send the SSO response to ISE.
Because the body of the HTML code I posted looks to be the Azure response the browser should send to ISE.
09-22-2021 03:32 PM
The client browser does not send any response to ISE. The communication happens between ISE and AzureAD via SAML/OAuth. There is not enough information here to provide much meaningful help. It's possible the session is stuck in a redirect loop, but we would need much more information about your setup (ISE architecture diagrams, flow diagrams for what you're trying to achieve, screenshots of your policies, debug logs, packet captures, etc.).
If it gets to the point of examining packet captures and debug logs, you might be better off opening a TAC case to investigate.
09-22-2021 04:11 PM
Hi Greg,
First of all, thank you for your kind reply.
I do not completely agree when you say "The communication happens between ISE and AzureAD via SAML/OAuth" (the browser should relay the assertion from Azure to ISE), but probably you are right (Azure works in a different way).
Probably TAC could help us.
Again, many many thanks.
Regards
09-29-2021 07:01 AM
Hi Guys,
TAC confirmed it is a bug: CSCvy81435
Soon I'm going to patch ISE (new release released today) and will let you know about this issue.
Bye
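For anyone debugging the same symptom, here is an added example (not from the thread or from Cisco) that parses an auto-submit page like the one quoted in the first post and reports the form's POST target, whether a SAMLResponse field is present, and the fields packed into RelayState. The sample HTML and its host names are constructed, and treating the last _DELIMITER segment as a host name is an assumption based on the value posted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the form in the thread; SAMLResponse is a placeholder.
SAMPLE = """<HTML><BODY onLoad="document.forms[0].submit()">
<FORM METHOD="POST" ACTION="https://ise-a.example:8443/portal/SSOLoginResponse.action">
<INPUT TYPE="HIDDEN" NAME="SAMLResponse" VALUE="PLACEHOLDER">
<INPUT TYPE="HIDDEN" NAME="RelayState" VALUE="_p1_DELIMITERportalId_EQUALSp1_SEMIportalSessionId_EQUALSs1_SEMItoken_EQUALSt1_SEMIradiusSessionId_EQUALSr1_SEMI_DELIMITERise-b.example">
</FORM></BODY></HTML>"""

class PostBindingForm(HTMLParser):
    """Collects the form target and named inputs of a SAML HTTP-POST page."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "form":
            self.action, self.method = a.get("action"), (a.get("method") or "").upper()
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def parse_relay_state(value):
    """Split the _DELIMITER/_SEMI/_EQUALS encoding seen in the thread's RelayState."""
    parts = value.split("_DELIMITER")
    body = parts[1] if len(parts) > 1 else ""
    params = dict(kv.split("_EQUALS", 1) for kv in body.split("_SEMI") if "_EQUALS" in kv)
    host = parts[2] if len(parts) > 2 else None  # assumption: trailing segment is a host name
    return {"prefix": parts[0], "params": params, "host": host}

def inspect(html):
    """Summarise what the browser is being asked to POST, and to which host."""
    form = PostBindingForm()
    form.feed(html)
    relay = parse_relay_state(form.fields.get("RelayState", ""))
    acs_host = urlsplit(form.action or "").hostname
    return {
        "acs_url": form.action,
        "method": form.method,
        "has_saml_response": bool(form.fields.get("SAMLResponse")),
        "relay": relay,
        "acs_host": acs_host,
        # With more than one ISE node, compare the POST target with the RelayState host.
        "host_matches_relay": acs_host == (relay["host"] or "").lower(),
    }

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

Save the page the browser stops on and pass its contents to `inspect()` to see which host the form targets and which portal and RADIUS session identifiers it carries.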