Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1464
Views
0
Helpful
9
Replies

ISE - sponsor guest portal with smartcard authentication

Bilal Nawaz
VIP Alumni
VIP Alumni

‎03-05-2015 08:55 AM - edited ‎03-10-2019 10:31 PM

Team, any support for sponsor guest portal authentication with the smartcard?

If not then can someone plese create feature request to Cisco, smartcards are being rolled out more and more.

 

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
Labels:
0 Helpful
9 Replies 9

jan.nielsen
Level 7
Level 7

‎03-05-2015 09:02 AM

Are you asking about having someone login to the sponsor portal with a smartcard, or using a smartcard to authenticate yourself as a guest ?

0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni
In response to jan.nielsen

‎03-05-2015 09:18 AM

The first one. Someone logging in to the sponsor portal with a smartcard.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

jan.nielsen
Level 7
Level 7
In response to Bilal Nawaz

‎03-08-2015 11:01 AM

I doubt thats supported, i personally don't see smartcards anywhere except for thin-client based environments, i doubt support for it is gonna happen.anytime soon.

0 Helpful

Stephen Means
Level 1
Level 1
In response to jan.nielsen

‎07-23-2015 07:57 AM

I know this is old, but I wanted to reply to the above. If you work in the private sector you won't often see smart cards. If you work on a DoD base or other federal agencies you'd realize how HUGE the use case is. :)

0 Helpful

Ryan Coombs
Level 1
Level 1
In response to Stephen Means

‎07-23-2015 08:10 AM

Stephen,

Your correct, this is huge in Federal Agencies especially after the OPM Breach.  We have it working with the ASA 5540 checking PIV Cert and then allowing the user to access a bookmark which auto-logs them into the Sponsor Portal by sending there "UPN, SAN" whatever attribute matches the username.  Inside the conditions we have the AD identity set to false therefore its only looking for the Username as the user doesn't have a pw.

We are testing ISE 1.4 now and are going to see if SSO works correctly for the Sponsor Portal.  This will suffice for our PIV integration requirements.

0 Helpful

Ryan Coombs
Level 1
Level 1

‎03-30-2015 01:52 AM

We've got it working in our agency.  It's front ended by an 5540 ASA that sends the users attributes to ISE and then loops ISE to authenticate via AD. I've got a pretty sweet write up on it from our advanced services rep.  The guys are legit when it comes to work around and I just finished testing this with ISE 1.3. If you guys are interested I'll attach it tomorrow. 

 

 

Attached configuration guide.   Note for 1.3 the Sponsor Group Policy has been removed.  Just make sure the Sponsor Group is configured and add the store to locate the user.  In our case its AD.

 

If you have questions just PM me and Ill be glad to assist.

-Ryan 

Preview file
1659 KB
0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni
In response to Ryan Coombs

‎03-30-2015 01:52 AM

Hi Ryan, if you could share it, I'd be very grateful!

Thank you

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

Ryan Coombs
Level 1
Level 1
In response to Bilal Nawaz

‎07-26-2015 08:07 PM

Configuration Guide below.

Preview file
1659 KB
0 Helpful

ajc
Level 7
Level 7
In response to Ryan Coombs

‎07-24-2015 09:51 AM

Could you please share it? thanks

0 Helpful
Customers Also Viewed These Support Documents