New Member

Manipulating username in ACS 5.3

Does anyone know if ACS 5.3 has a feature to allow you to change or otherwise manipulate a user-name value within ACS as an authentication request comes into the system?

We want to use ACS to authenticate users to a particular device, but the device does not allow us to have usernames in the format that we require, and the rest of our systems allow and require.

We want a way of manipulating the user ID of someone logging into the system, so that when the authentication request hits the ACS their username is massaged into the format we require, before being further processed against identity policies etc.

Anyone know if this is somehow possible within ACS?


Manipulating username in ACS 5.3

You can try an article found here which was written by someone in the security and network management subforum of the wireless group. Now this guide pertains to suffix stripping using PEAP; let me know if this is what you are looking for.

Hope this works!

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html

Tarik Admani
*Please rate helpful posts*

New Member

Manipulating username in ACS 5.3

Thanks for the reply. That sort of came close to what we need, but doesn't quite do the trick. We actually want to do something along the lines of doing a regex pattern match in the user-name string, and then insert or change characters.

Manipulating username in ACS 5.3

Sorry, but you cannot do that with ACS.

Thanks,

Tarik Admani
*Please rate helpful posts*

Gold

Manipulating username in ACS 5.3

Tarik is correct. However, if you have the time, I would be interested to understand the type of user name manipulation that you are looking to do and the use case that is driving the manipulation of the user name in this way. This will allow better understanding of the requirements for the future.

New Member

Manipulating username in ACS 5.3

OK, for example, we have standardised our account names to be in a certain form, e.g. user-joe.bloggs (just an example). All of our systems are fine with this with the exception of 1 that won't allow "-" in the username field.

We can do one of 2 things. Either set all of the users up with a second account with a username that supports the system, or somehow when logging into the system, have it send "userjoe.bloggs" to the ACS, and the ACS somehow translate that to "user-joe.bloggs" before running through the AAA policies. Then of course be able to return Auth and Authorisation permits or denies to the system with the "userjoe.bloggs" username embedded.

This is only an issue because of 1 system that we've deployed only to find that for some reason, it won't accept some special characters in the username. Hopefully a future release of the system in question deals with this issue, but until then, we'd really like a way of being able to do this without having to duplicate a bunch of users and have them deal with yet another credential set to remember.
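
The rewrite described in the post above, as an added Python example that is not part of the thread and is not an ACS feature (the replies state ACS cannot do this). It assumes a hypothetical pre-processing step in front of the AAA server; the name patterns, function names and sample attributes are assumptions built from the `user-joe.bloggs` example. Names are matched against an exact pattern and rejected otherwise, so the mapping stays one-to-one and cannot resolve a device login to an unintended account.

```python
import re

# Assumed formats, taken from the thread's "user-joe.bloggs" example.
_NAME = r"[a-z]+\.[a-z]+"
DEVICE_FORM = re.compile(rf"user({_NAME})")      # what the restricted device can send
DIRECTORY_FORM = re.compile(rf"user-({_NAME})")  # what the identity store holds


class RewriteError(ValueError):
    """Raised when a name does not match the expected form exactly."""


def to_directory(device_name):
    """Map 'userjoe.bloggs' to 'user-joe.bloggs'; reject anything else."""
    m = DEVICE_FORM.fullmatch(device_name)
    if m is None:
        raise RewriteError(f"unexpected device user name: {device_name!r}")
    return f"user-{m.group(1)}"


def to_device(directory_name):
    """Inverse mapping, used to put the device's own form back in the reply."""
    m = DIRECTORY_FORM.fullmatch(directory_name)
    if m is None:
        raise RewriteError(f"unexpected directory user name: {directory_name!r}")
    return f"user{m.group(1)}"


def rewrite_request(attrs):
    """Return (attributes for the AAA server, original name for the reply)."""
    original = attrs["User-Name"]
    rewritten = to_directory(original)
    # Round-trip check: the mapping must be reversible, so two device names
    # can never resolve to the same directory account.
    if to_device(rewritten) != original:
        raise RewriteError("rewrite is not reversible")
    return {**attrs, "User-Name": rewritten}, original


if __name__ == "__main__":
    # Constructed sample request attributes.
    request = {"User-Name": "userjoe.bloggs", "NAS-IP-Address": "192.0.2.10"}
    print(rewrite_request(request))
```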
