Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ISE 1.2 Patch 7 possible guest CWA bug

Just upgraded an ISE implementation to patch 7 and discovered that the patch broke the CWA guest portal on wireless. I haven't tested wired CWA but wireless is busted.

In summary the redirection works fine but when you enter valid guest credentials nothing happens including no logs on ISE. If you enter credentials that don't exist in the guest group you get a failed authentication and the corresponding log. As soon as I rolled back to patch 6 everything worked again.

 

If any TAC engineers see this feel free to pursue it - I would log a case but the kit is NFR and I can't be bothered going through the process of logging a job on NFR kit.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

please check CSCuo16503

please check CSCuo16503

12 REPLIES
Community Member

Have you tried different

Have you tried different browsers? I've tested the patch 7 and my custom guest portal works as it should. Try firefox and see what it does. I've seen the latest IE give different errors on the guest portal.

Community Member

I was working on this issue

I was working on this issue with Steve and with both Mac & PC and a variety of browsers we were getting the same issue. When you click submit on the guest login page, it reloads the same page and wipes the username and password fields. Nothing is showing in the authentication page. If the guest user types a wrong username/password then they receive the error page and this shows up on the admin portal.

Community Member

Hi Joe,Is this issue apparent

Hi Joe,

Is this issue apparent when guest users are required to change the password? I had the same issue and a rollback to patch 4 and upgrade to patch 6 fixed it for me.

I am still having problems with the custom portal though.

Community Member

No, We don't force users to

No, We don't force users to change password. We rolled back to patch 6 and left it for the moment.

Community Member

Are you using a custom portal

Are you using a custom portal?

Community Member

Just the standard portal.

Just the standard portal.

Community Member

Tried re-implementing patch 7

Tried re-implementing patch 7 and it broke guest portal again so rolled back to patch 6 and all is good. We have 1,5,6 and 7 on the server.

Community Member

Hi, I'm experiencing similar

Hi,

 

I'm experiencing similar issues with patch 7. I am actually using a custom portal, which was working fine in patch 4 - after upgrading to patch 7 to fix a Web Posture bug, the portal would randomly push out pages from the Default Portal (I.E. Device Registration when I had no self provisioning flow enabled). Now, I am getting the error in the attachment after the user accepts the AUP.

 

The standard portal is working fine, except for a bug with the "Require Users to change password at login" option. When users try to change their password at first login, the portal errors out and I get an error in the Authentication Logs. However, the password is changed successfully. This issue is apparent since installing patch 7.

the guest portal in Patch 7

the guest portal in Patch 7 is working fine. Please check the different browser and share the screen shoot of error.

Community Member

Hi, The problems I am

Hi,

 

The problems I am experiencing are only apparent in a particular deployment, which has gone through ISE 1.2 -> Patch 4 -> Patch 7. I have tried to reproduce it on a fresh ISE setup (with the same patch succession) using the same custom web portal, but everything works as it should.

The error is: https://supportforums.cisco.com/sites/default/files/attachments/discussion/ise_error.jpg

 

Thanks!

Cisco Employee

please check CSCuo16503

please check CSCuo16503

Community Member

I think that bug you

I think that bug you reference is almost an exact match for the issue, except we aren't allowing password change. Overall though I think that bug answers the question. Despite seeming like a minor issue it is actually a major issue for the bulk of deployments I have a done meaning I can't feasibly upgrade to 7. Hopefully patch 8 addresses some of the multitude of issues that seem to be affecting ISE 1.2 at present.

111
Views
0
Helpful
12
Replies
CreatePlease to create content