Just upgraded an ISE implementation to patch 7 and discovered that the patch broke the CWA guest portal on wireless. I haven't tested wired CWA but wireless is busted.
In summary the redirection works fine but when you enter valid guest credentials nothing happens including no logs on ISE. If you enter credentials that don't exist in the guest group you get a failed authentication and the corresponding log. As soon as I rolled back to patch 6 everything worked again.
If any TAC engineers see this feel free to pursue it - I would log a case but the kit is NFR and I can't be bothered going through the process of logging a job on NFR kit.
Solved! Go to Solution.
Have you tried different browsers? I've tested the patch 7 and my custom guest portal works as it should. Try firefox and see what it does. I've seen the latest IE give different errors on the guest portal.
I was working on this issue with Steve and with both Mac & PC and a variety of browsers we were getting the same issue. When you click submit on the guest login page, it reloads the same page and wipes the username and password fields. Nothing is showing in the authentication page. If the guest user types a wrong username/password then they receive the error page and this shows up on the admin portal.
Is this issue apparent when guest users are required to change the password? I had the same issue and a rollback to patch 4 and upgrade to patch 6 fixed it for me.
I am still having problems with the custom portal though.
Tried re-implementing patch 7 and it broke guest portal again so rolled back to patch 6 and all is good. We have 1,5,6 and 7 on the server.
I'm experiencing similar issues with patch 7. I am actually using a custom portal, which was working fine in patch 4 - after upgrading to patch 7 to fix a Web Posture bug, the portal would randomly push out pages from the Default Portal (I.E. Device Registration when I had no self provisioning flow enabled). Now, I am getting the error in the attachment after the user accepts the AUP.
The standard portal is working fine, except for a bug with the "Require Users to change password at login" option. When users try to change their password at first login, the portal errors out and I get an error in the Authentication Logs. However, the password is changed successfully. This issue is apparent since installing patch 7.
The problems I am experiencing are only apparent in a particular deployment, which has gone through ISE 1.2 -> Patch 4 -> Patch 7. I have tried to reproduce it on a fresh ISE setup (with the same patch succession) using the same custom web portal, but everything works as it should.
The error is: https://supportforums.cisco.com/sites/default/files/attachments/discussion/ise_error.jpg
I think that bug you reference is almost an exact match for the issue, except we aren't allowing password change. Overall though I think that bug answers the question. Despite seeming like a minor issue it is actually a major issue for the bulk of deployments I have a done meaning I can't feasibly upgrade to 7. Hopefully patch 8 addresses some of the multitude of issues that seem to be affecting ISE 1.2 at present.