cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
848
Views
0
Helpful
0
Replies

ISE Selecting wrong authorization profile

g-hopkinson
Beginner
Beginner

Hi,

We are testing ISE in a wired environment.

We have set up two authorization profiles called AD_Machine and AD_User as recommned in Trustsec 2.0 doc.  The AD_Machine policy has a condition set on it to look at the AD External Group AD Machines, likewise the AD_User has a condition to look at AD External Group AD Users.  At the end of the authorization policy list we have the default policy, this is set to WEBAUTH authorization profile.

What we see is machine auth is granted by the WEBAUTH policy as this is catch all.  If I disable WEBAUTH it picks AD_Machine, also if I enable WEBAUTH and remove the AD External Group AD Machines condition it also selects the correct policy.

There seems to be some kind of timing issue when authorizing against an external DB.

Any ideas?

Thanks.

Gary

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: