Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1x authentication

I was wondering, If you are using a SmartCard to authenticate to the network using the CSACS 5.0 software, is it possible to set the ACS to look at other information besides the three given options.  I can get the ACS to take the e-mail address off of my smartcard.  However, I need it to take the userPrincipalName off of my smartcard.  I can do this easily with the ASA.

I wanted to do something similar to what I have setup on the ASA

Currently I have the following on the ASA:

1.  A user places there smart card into the reader.

2.  Next, they log into the AnyConnect client.

3.  The AnyConnect client sends the information to the ASA.

4.  The ASA checks the userPrincipalName off of the SmartCard and sends the information to two places:

     a.  Active Directory

     b.  Revocation Server

I want to be able to pull this same information off of the SmartCard using the ACS with EAP-TLS.  The ACS definitely sees the information because the UserPrincipalName shows up as the user in the ACS logs next to the e-mail address.

Any help would be greatly appreciated.



CreatePlease to create content