Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 5.0, Identity Groups within Access Services Authorization

At the moment I'm evaluating ACS 5.0.0.21 (Eval-Version).

I defined a Service Selection that leads to an Access Service named "DeviceAdmin".

Within this I defined Authorization Rules (Standard Policy) with Conditions an Identity Group and/or UserName.

The problem ist that they never match.

Even if I define an (existing) Identity Group (also All Users) or an (existing) Username, the Authorization Policy always hits to default rule.

Any hint, what's wrong? A known bug?

2 REPLIES
Gold

Re: ACS 5.0, Identity Groups within Access Services Authorizatio

Can you clarify which identity store you are authenticating against in the identity policy?

Also a good place to look for troubleshooting is at:

Monitoring & Reports: ... > Reports > Catalog > AAA Protocol > RADIUS_Authentication

Get to see a list of all recent attempts and any failure reasons. Can select the magnifying glass icon to drill down on the details of the request processing

New Member

Re: ACS 5.0, Identity Groups within Access Services Authorizatio

Thanks for your reply.

Yesterday I purged all identity groups, applied them again and it worked.

211
Views
0
Helpful
2
Replies
CreatePlease to create content