This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Team, any support for sponsor guest portal authentication with the smartcard?
If not then can someone plese create feature request to Cisco, smartcards are being rolled out more and more.
The first one. Someone logging in to the sponsor portal with a smartcard.
I doubt thats supported, i personally don't see smartcards anywhere except for thin-client based environments, i doubt support for it is gonna happen.anytime soon.
I know this is old, but I wanted to reply to the above. If you work in the private sector you won't often see smart cards. If you work on a DoD base or other federal agencies you'd realize how HUGE the use case is. :)
Your correct, this is huge in Federal Agencies especially after the OPM Breach. We have it working with the ASA 5540 checking PIV Cert and then allowing the user to access a bookmark which auto-logs them into the Sponsor Portal by sending there "UPN, SAN" whatever attribute matches the username. Inside the conditions we have the AD identity set to false therefore its only looking for the Username as the user doesn't have a pw.
We are testing ISE 1.4 now and are going to see if SSO works correctly for the Sponsor Portal. This will suffice for our PIV integration requirements.
We've got it working in our agency. It's front ended by an 5540 ASA that sends the users attributes to ISE and then loops ISE to authenticate via AD. I've got a pretty sweet write up on it from our advanced services rep. The guys are legit when it comes to work around and I just finished testing this with ISE 1.3. If you guys are interested I'll attach it tomorrow.
Attached configuration guide. Note for 1.3 the Sponsor Group Policy has been removed. Just make sure the Sponsor Group is configured and add the store to locate the user. In our case its AD.
If you have questions just PM me and Ill be glad to assist.
Hi Ryan, if you could share it, I'd be very grateful!