06-06-2023 03:07 AM
Hello,
I have been stuck for several days on an ISE authentication problem with SAML.
Microsoft authentication works fine, then ISE redirects to google.com and it fails to change the authorization profile. As it does not have Internet access with the basic ACL, it returns to Microsoft authentication.
It does add my MAC address in the group: EIG_BYODEndpoints
My authorization profile:
If I cut my wifi and restart my connection, I have internet access directly without going through SAML authentication.
06-06-2023 05:01 AM
Which Authorization Profile should it be hitting?
It is hitting the Endpoint ID group, but within the Profile set it is hitting default. I assume because there is no relevant Auth Profile with the BYOD User MAB.
06-06-2023 06:17 AM - edited 06-06-2023 06:34 AM
Thank you for your answer.
With the default because it's his first connection.
What's weird is that when I log back in (after turning off wifi) then it matches with "BYOD USER MAB".
06-06-2023 06:20 AM - edited 06-06-2023 06:25 AM
After the SAML validation, it adds the MAC address to the group but it can't match the first Authorization Profile.
06-06-2023 07:07 AM
If I am right, the first condition will match MACs in EIG_BYODEndpoints, so it makes sense that the authorization is BYOD User MAB.
So the problem is with SAML validation; it should be achieving the same, as the MAC is detailed and should be captured within the endpoints, correct?
06-07-2023 12:59 AM
Yes that's right.