ACS 5.0, Identity Groups within Access Services Authorization

Unanswered Question
Oct 23rd, 2009
User Badges:

At the moment I'm evaluating ACS (Eval-Version).

I defined a Service Selection that leads to an Access Service named "DeviceAdmin".

Within this I defined Authorization Rules (Standard Policy) with Conditions an Identity Group and/or UserName.

The problem ist that they never match.

Even if I define an (existing) Identity Group (also All Users) or an (existing) Username, the Authorization Policy always hits to default rule.

Any hint, what's wrong? A known bug?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jrabinow Mon, 10/26/2009 - 16:06
User Badges:
  • Cisco Employee,

Can you clarify which identity store you are authenticating against in the identity policy?

Also a good place to look for troubleshooting is at:

Monitoring & Reports: ... > Reports > Catalog > AAA Protocol > RADIUS_Authentication

Get to see a list of all recent attempts and any failure reasons. Can select the magnifying glass icon to drill down on the details of the request processing

stephan.ochs Tue, 10/27/2009 - 00:07
User Badges:

Thanks for your reply.

Yesterday I purged all identity groups, applied them again and it worked.


This Discussion