cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2199
Views
5
Helpful
7
Replies

"Disclose invalid usernames" not working in ISE 2.4 patch 9

scott.stapleton
Level 1
Level 1

CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes.

 

This option is not working however; RADIUS Live Logs still mask the invalid username, even when testing within ~5 minutes of enabling it. Unlike the previous behavior, the checkbox stays ticked after 30 minutes so that doesn't appear to be the problem.

 

Can anyone running ISE 2.4 patch7+ confirm whether the option works for them please?

 

CSCvo24097 doesn't appear to be at play as it appears CSCvo24097 is what drove the enhancement request that CSCvh91118 discusses.

7 Replies 7

Damien Miller
VIP Alumni
VIP Alumni

I have two deployments right now that have this enabled.  One is on 2.4 patch 9 and another on 2.4 patch 10.  Both work correctly assuming I am looking at new authentications, it doesn't unmask old ones.  

I assume you're using the AD connector?

 

It might be different with the LDAP connector I suspect.

Timothy Abbott
Cisco Employee
Cisco Employee

If you are still having issues with this option, please contact the TAC to troubleshoot further.

 

-Regards,

Tim

Thanks - can you confirm this is a known bug (with the LDAP connector at least)?

Does anyone have this working with the LDAP connector?

Hi,

using ISE 2.7 the "Disclose invalid usernames " is working with "Always show invalid usernames" option for LDAP User lookups.

Bug seems to be fixed now.

Hi, was there a bug ID? I am running 2.6 patch3 and still seeing the issue.