cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
476
Views
0
Helpful
2
Replies

ACS 5.0, Identity Groups within Access Services Authorization

stephan.ochs
Level 1
Level 1

At the moment I'm evaluating ACS 5.0.0.21 (Eval-Version).

I defined a Service Selection that leads to an Access Service named "DeviceAdmin".

Within this I defined Authorization Rules (Standard Policy) with Conditions an Identity Group and/or UserName.

The problem ist that they never match.

Even if I define an (existing) Identity Group (also All Users) or an (existing) Username, the Authorization Policy always hits to default rule.

Any hint, what's wrong? A known bug?

2 Replies 2

jrabinow
Level 7
Level 7

Can you clarify which identity store you are authenticating against in the identity policy?

Also a good place to look for troubleshooting is at:

Monitoring & Reports: ... > Reports > Catalog > AAA Protocol > RADIUS_Authentication

Get to see a list of all recent attempts and any failure reasons. Can select the magnifying glass icon to drill down on the details of the request processing

Thanks for your reply.

Yesterday I purged all identity groups, applied them again and it worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: