Manipulating username in ACS 5.3

lyle.cameron
Level 1

Does anyone know if ACS 5.3 has a feature to allow you to change or otherwise manipulate a user-name value within ACS as an authentication request comes into the system.

We want to use ACS to authenticate users to a particular device, but the device does not allow us to have username's in the format that we require, and the rest of our systems allow and require.

We want a way of manipulating the user ID of someone logging into the system, so that when the authentication request hits the ACS their username is massaged into the format we require, before being further processed against identity policies etc.

Anyone know if this is somehow possible within ACS?

5 Replies

Tarik Admani
VIP Alumni

You can try an article found here, which was written by someone in the security and network management subforum of the wireless group. Now, this guide pertains to suffix stripping using PEAP; let me know if this is what you are looking for.

Hope this works!

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html

Tarik Admani
*Please rate helpful posts*

Thanks for the reply. That sort of came close to what we need, but doesn't quite do the trick. We actually want to do something along the lines of doing a regex pattern match on the user-name string, and then inserting or changing characters.

Sorry, but you cannot do that with ACS.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik is correct. However, if you have the time, I would be interested to understand the type of user name manipulation that you are looking to do and the use case that is driving the manipulation of the user name in this way. This will allow a better understanding of the requirements for the future.

OK, for example, we have standardised our account names to be in a certain form, e.g. user-joe.bloggs (just an example). All of our systems are fine with this, with the exception of one that won't allow "-" in the username field.

We can do one of two things. Either set all of the users up with a second account with a username that the system supports, or somehow, when logging into the system, have it send "userjoe.bloggs" to the ACS, and have the ACS translate that to "user-joe.bloggs" before running through the AAA policies. Then, of course, be able to return Auth and Authorisation permits or denies to the system with the "userjoe.bloggs" username embedded.

This is only an issue because of 1 system that we've deployed only to find that for some reason, it won't accept some special characters in the username. Hopefully a future release of the system in question deals with this issue, but until then, we'd really like a way of being able to do this without having to duplicate a bunch of users and have them deal with yet another credential set to remember.
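The replies above say ACS itself cannot do this rewrite; the linked article instead does prefix/suffix handling in a RADIUS proxy in front of ACS. As an added illustration (not from the thread, the linked article or Cisco), this is what the poster's rewrite looks like at the RADIUS packet level in such a proxy: the regex rule, attribute constants and the assumption that the proxy shares one secret with both the client and ACS are mine, and it covers PAP and the outer PEAP identity only.

```python
import hashlib
import hmac
import re
import struct

USER_NAME = 1               # RADIUS attribute type (RFC 2865)
MESSAGE_AUTHENTICATOR = 80  # RFC 2869, HMAC-MD5 over the whole packet
# Constructed rule for the poster's case: insert the "-" the problem system
# cannot send, "userjoe.bloggs" -> "user-joe.bloggs"; other names pass through.
RULE = (re.compile(r"^user(?!-)(.+)$"), r"user-\1")

def rewrite_username(name, rule=RULE):
    pattern, repl = rule
    return pattern.sub(repl, name)

def parse_avps(body):
    """Split the attribute section into (type, value) pairs, rejecting bad lengths."""
    avps, i = [], 0
    while i < len(body):
        t, l = body[i], body[i + 1]
        if l < 2 or i + l > len(body):
            raise ValueError("malformed attribute at offset %d" % i)
        avps.append((t, body[i + 2:i + l]))
        i += l
    return avps

def rewrite_request(packet, secret, rule=RULE):
    """Return the Access-Request with User-Name rewritten, Length fixed and
    Message-Authenticator recomputed. The Request Authenticator is kept, so a PAP
    User-Password stays valid if the proxy uses the same shared secret on both
    sides. An EAP inner identity is not touched: only the outer User-Name is
    visible to a proxy, so an inner-identity mismatch still has to be handled."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    authenticator = packet[4:20]
    parts, ma_offset = [], None
    for t, v in parse_avps(packet[20:length]):
        if t == USER_NAME:
            v = rewrite_username(v.decode("utf-8"), rule).encode("utf-8")
            if len(v) > 253:
                raise ValueError("User-Name too long after rewrite")
        elif t == MESSAGE_AUTHENTICATOR:
            ma_offset = 20 + sum(len(p) for p in parts) + 2
            v = bytes(16)  # zeroed while the HMAC is computed
        parts.append(bytes([t, len(v) + 2]) + v)
    body = b"".join(parts)
    new = struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body
    if ma_offset is not None:
        mac = hmac.new(secret, new, hashlib.md5).digest()
        new = new[:ma_offset] + mac + new[ma_offset + 16:]
    return new
```

The proxy keeps the client-side packet identifier, so the Access-Accept or Access-Reject goes back to the device under the "userjoe.bloggs" session it started, as the poster asked.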