Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.

Session abort when editing user in ACS 5.6

Since the upgrade to ACS 5.6 we are not able to edit user settings in the 'Internal User Identity Store' anymore.

As soon as we click the 'submit' button in the 'user edit screen' we are immediately kicked out of the application and we land on the ACS loggin screen with the message 'user logged out successfully'.

The same thing happens with Firefox, IE and Chrome.

What's going on?

Everyone's tags (1)
10 REPLIES
New Member

Hi Christianjust as an

Hi Christian

just as an information for other guys having the same problem. We saw, that when you migrated from ACS 5.x to 5.6 and you have users with () in some fields (e.g. additional information fields), you have to delete these brackets and you are able (in some cases) to edit and save the new user information.

But there are still some users where we click submit, but the changes aren't saved, but you are not logged out of the session. We will further investigate this issue.

Regards

Dominic

 

New Member

Another update: a workaround

Another update: a workaround for the problem with the users, which can not be saved, is to change their passwords. After that you are able to save them again.

Even if theses users - migrated from an earlier ACS 5.x version - do not have any special characters in their passwords, they have a problem while editing the user settings. In my opinion, this seems to be a bug in ACS 5.6.

Regards

Dominic

The reason for this behavior

The reason for this behavior is the minimum password lenght rule. During the upgrad it was reset to 8 characters instead of 6 characters as bevore. The affected users could not be edited anymore unless the rule was changed or the password was reset with 8 characters.

This is the answer from TAC:

'It seems that you have minimum length for password configured as 8 character. For 146 users password length is less than 8 chars which are already present in the DB. Because of this configuration, user details are not getting updated.

To solve this, you need to either change the password policy to allow shorter passwords (6 characters) or change all the passwords that are less than 8 chars to meet the required length.

MGMT GUI: System Administration -->Users --> Authentication Settings --> Password Complexity--> Minimum length'

New Member

This issue (getting logged

This issue (getting logged out) occurs even when trying to create a new Identity Policy (Access Policies --> VPN Access --> Identity --> Create). I cannot create new accounts and I cannot edit existing accounts. It does let me delete accounts. Not sure what to do here. Any advice would be great.

Hello IanMake sure you

Hello Ian

Make sure you respect the mininum characters rule for passwords that is set on your system.

New Member

Hi Iandid you try to install

Hi Ian

did you try to install patch version 3 for ACS 5.6? I saw the following resolved issues:

- CSCur59417 ACS 5.x apostrophe,plus sign causing gui log out
- CSCut55144 Special characters issue
 
Best regards
Dominic
New Member

Hi allwe have this Problem

Hi all

we have this Problem also.
We have e Group name "MDE Geräte" (MDE devices) what contains a special character.
We can not change the group name, because after that we are facing with the issue 'user logged out successfully'.
The usernames can be chnaged, but 1000 or more is to much work.
Can we to change this policy so, that this special character can stay?

Thanks

 

I didn't find a way to allow

I didn't find a way to allow the forbidden special characters. According to Cisco it is for security reason.

New Member

Thank you. I oppened a TAC.

Thank you. I oppened a TAC.

This is the answer from TAC

This is the answer from TAC regarding the situation with the session aborts:

'Regarding the issue with the user logout when attributes contain special characters, ACS is not allowing those chars to protect from vulnerable injection. So you should not have those characters in the fields.'

Conclusion: Do not use special characters like () in any field of the 'user edit screen'.

409
Views
0
Helpful
10
Replies
CreatePlease to create content