Cisco Support Community

ISE 1.1.1 - User Accept Policy keeps returning

Hello there

I have an ISE 1.1.1 setup, with a guest portal. The AD can be used to log onto this portal, and the is on First Login.

However, every time an AD user logs in on the portal, he has to accept the User Accept Policy. Is this a bug? Or is there a configuration error?

Greetings

10 REPLIES

ISE 1.1.1 - User Accept Policy keeps returning

Hi Steve,

Is the user logging in from different devices or the same device?

Thanks,

Tarik Admani
*Please rate helpful posts*

ISE 1.1.1 - User Accept Policy keeps returning

Same device, that's the weird thing. Does it work with cookies or something?

ISE 1.1.1 - User Accept Policy keeps returning

Is this on wired or wireless? We see the same on wireless guest with AD auth, every time the user's authenticated session times out on the WLC. I just guessed it was a feature.

ISE 1.1.1 - User Accept Policy keeps returning

Steve,

It should be able to redirect users based on the username and device that they are authenticating from. If you look at the endpoint, there is an attribute that is AUP specific; once that is set to yes, the profiling database should have this flag set so it isn't redirected to the AUP after login.

In your authorization profile is the client being redirected to another authorization policy after CoA?

Please post screenshots of the authorization policy, the endpoint attribute, and the authentication events.

Thanks,

Tarik Admani
*Please rate helpful posts*

ISE 1.1.1 - User Accept Policy keeps returning

Hello Tarik

I am not using CoA, so there is no other authorization policy.

I will post screenshots tomorrow.

Greetings

Steven

ISE 1.1.1 - User Accept Policy keeps returning

Also, are you using central web authentication or local web authentication on your WLC? The reason is that you will need CoA in order to remove the redirect URL attribute once the user accepts the AUP the first time in a CWA scenario. If you are using local web authentication where the webauth is configured as a redirection to an "external server", then the AUP may be sourced from the controller locally before allowing the user to continue on.

thanks,

Tarik Admani
*Please rate helpful posts*

ISE 1.1.1 - User Accept Policy keeps returning

I'm using local auth, would it not be possible to use the AUP then?

Screenshots:

Re: ISE 1.1.1 - User Accept Policy keeps returning

That is correct, if you only want to show the AUP once, there is a flag that ISE uses to track if the user and endpoint together have accepted the AUP. When they reauthenticate, then they aren't presented the AUP.

I hope that helps,

Sent from Cisco Technical Support iPad App

Tarik Admani *Please rate helpful posts*
Re: ISE 1.1.1 - User Accept Policy keeps returning

Erm... that's what this topic is about, it's not working, even when the setting is correct.

Re: ISE 1.1.1 - User Accept Policy keeps returning

You are correct, but the AUP page is probably the AUP from the controller since only the authentication is being redirected to the ISE node.

When you see the AUP, does it have 1.1.1.1 or the ISE IP address?

I can't see the screenshots through my iPad but will check them in a few.

Sent from Cisco Technical Support iPad App

Tarik Admani *Please rate helpful posts*