12-02-2013 04:55 PM - edited 03-10-2019 09:08 PM
Hi there ,
How to strip multiple domain suffixes from username through ISE with AD being used as external Identity Source. Username is being used in username@domain format.
Cisco ISE 1.2 patch 4 introduced strip prefix or suffix @domain realm from username through ISE with AD being used as external Identity Source. But the documentation is not updated for this feature. I am able to strip 1 domain suffix successfully but subsequent ones listed in the suffix list fails to get stripped.
Any thoughts on the same.
Thanks Kumar
Solved! Go to Solution.
12-03-2013 09:51 AM
In the ISE Under Administration > Identity Management > External Identity Sources
Choose Active Directory on the Left, Select your AD Server and select Advanced Settings
Under Identity Suffix Strip, Make sure Strip prefixes listed below: is selected (I know, it says prefix).
In the List of Suffixes box, enter your list of domain suffixes to strip. The separating character is a comma (,).
If this doesn't fix your issue, then I am afraid that a call to TAC may be in order.
*****UPDATE*****
Spaces are significant characters. When listing domains, do so as such:
@domain.com,@domain.local,@testdomain.com
*****END UPDATE*****
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
Message was edited by: Charles Moreton
12-03-2013 09:51 AM
In the ISE Under Administration > Identity Management > External Identity Sources
Choose Active Directory on the Left, Select your AD Server and select Advanced Settings
Under Identity Suffix Strip, Make sure Strip prefixes listed below: is selected (I know, it says prefix).
In the List of Suffixes box, enter your list of domain suffixes to strip. The separating character is a comma (,).
If this doesn't fix your issue, then I am afraid that a call to TAC may be in order.
*****UPDATE*****
Spaces are significant characters. When listing domains, do so as such:
@domain.com,@domain.local,@testdomain.com
*****END UPDATE*****
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
Message was edited by: Charles Moreton
12-03-2013 03:16 PM
Thanks Charles, It worked.
12-03-2013 03:22 PM
Very glad to hear that it worked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide