Authorization fail with CATS Bapi's on InfoTypes

Hello all - when running BAPI_CATIMESHEETMGR_INSERT we are failing on Authorization - for example our profile doesn't have access to InfoType 0002 - however we cannot assign it directly as the user may also have PA20 etc. and we can't permit them to see data via online transactions - any solution would be greatly appreciated

If the BAPI is not..
No, other way around: if your z-table is not respected by the BAPI then an enhancement point might be?
Where did you add the z-table coding? It might be your own fault (just being honest).
Cheers,
Julius

Similar Messages

Authorization failed with JAAS in JBOSS

Hi all,
I write my own login module class (WusLdapLoginModule) for my web app. I can authenticate my user with username and password. But I failed in authorizing my user with roles.
I believe that I missed something, please help me.
My web application run on WinXP, Jboss 4.2.3 GA, OpenLdap 2.0.2.9
Here is my login module class:
package wus.identity.security;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import wus.identity.Role;
import wus.identity.User;
import wus.identity.dao.UserDAO;
public class WusLdapLoginModule implements LoginModule
    //properties
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String,?> sharedStates;
    private Map<String,?> options;
    private boolean loginOk;
    private User m_user;
    //====== DAO ====================
    private UserDAO m_userDao = new UserDAO();
    private static final Log log = LogFactory.getLog(WusLdapLoginModule.class);
    @Override
    public boolean commit() throws LoginException
        int i;
        if(loginOk)
            if(!subject.getPrincipals().contains(this.m_user))
                this.subject.getPrincipals().add(this.m_user);
                for(i=0;i<m_user.getRoles().size();i++)
                    this.subject.getPrincipals().add(m_user.getRoles().get(i));
            AuthenticatedUser.setAuthenticatedUser(m_user);
        return loginOk;
}Here is my Role class
package wus.identity;
import java.io.Serializable;
import java.security.Principal;
public class Role implements Principal, Serializable
    private static final long serialVersionUID = 10797L;
    //Properties
    private String name;
    private String note;
    public Role()
        name = "";
    @Override
    public String getName()
        // TODO Auto-generated method stub
        return name;
    }Here is a part of web.xml:
<security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Area</web-resource-name>
            <url-pattern>/sa/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    
    
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/ua/login-example.jsf</form-login-page>
            <form-error-page>/ua/login-example.jsf?error=true</form-error-page>
        </form-login-config>
    </login-config>
<security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>user</role-name>
    </security-role>Thank in advance,
Vu

How is this question related to JSF?
Try a forum devoted to JAAS or JBoss, depending on the root cause of the problem.

Dynamic Authorization Failed - Posture with Guest Portal - ISE - WLC

Hello everybody,
I'm implementing a NAC solution based on Cisco ISE. Unfortunately, I'm facing a problem related to the CoA (Change of Authorization).
The guest can authenticate successfully via portal and then he is redirected to the page of client provisioning.
When he is compliant with the policy he gets access without any problem and this means that CoA works perfectly. The issue occurs when he has to remediate (download the file from ISE and install it). In this case, we need a change of authorization profile.
The authentication logs show that the posture status changed from non-compliant to compliant but the users doesn't obtain access .
Here are details :
Authentication Details
Source Timestamp
2015-04-30 18:43:13.179
Received Timestamp
2015-04-30 18:43:13.18
Policy Server
ISE-CISCO
Event
5417 Dynamic Authorization failed
Failure Reason
11213 No response received from Network Access Device after sending a Dynamic Authorization request
Resolution
Check the connectivity between ISE and Network Access Device. Ensure that ISE is defined as Dynamic Authorization Client on Network Access Device and that CoA is supported on device.
Root cause
No response received from Network Access Device after sending a Dynamic Authorization request
Username
User Type
Endpoint Id
E0:9D:31:07:**:**
Endpoint Profile
IP Address
Identity Store
Identity Group
Audit Session Id
ca0019ac00000003ae674255
Authentication Method
Authentication Protocol
Service Type
Network Device
WLC-1
Device Type
Location
NAS IP Address
172.25.0.202
NAS Port Id
NAS Port Type
Authorization Profile
Posture Status
Compliant
Security Group
Response Time
15002
Other Attributes
ConfigVersionId
4
RadiusPacketType
CoARequest
Event-Timestamp
1430415778
AcsSessionID
50149c2f-08fb-4f9d-b1b5-f655e71d039f
StepLatency
3=15001
Device IP Address
172.25.0.202
CiscoAVPair
subscriber:command=reauthenticate
audit-session-id
ca0019ac00000003ae674255
Session Events
2015-04-30 18:43:13.18
Dynamic Authorization failed
2015-04-30 18:41:44.159
Dynamic Authorization failed
2015-04-30 18:35:42.64
Guest Authentication Passed
2015-04-30 18:34:39.214
RADIUS Accounting start request

You can use LWA for this . he WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Service Engine (ISE) or NAC Guest Server (NGS)) is required as the portal provides features such as device registering and self-provisioning.
Refer to the following link for configuration example
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

Authorization Issue with infotype

Dear Guru's,
There are a couple of Customer IT that have been created. For which I have also assigned the authorization. But for some of these Infotypes though the user has no authorization he is able to access it.
Can you guys give me a heads up on what might have gone wrong...
Regards
Vijaya Sankar

Vijay,
You may have already tried this but the first thing that pops into my head is to use SUIM.
Roles -> Roles by authorization values -> plug in P_orgin or P_orgincon (Whichever object you use) -> then under infotype plug in the value of the infotype you DON'T want them to see. Hit execute. Then compare those roles to the access your users have.
Thanks,

Stand alone APEX listener install fails with timezone region not found

Hi,
I have searched the forum but found only a thread for the installation with Goldfish.
I am very new to all this so I apologise if my problem is too simple, but please help as I am very frustrated with it.
I have a 10.2.0.4 database on Windows XP for testing with.
I installed APEX into it successfully, then down loaded the listener.
I have to Java installations, one under my Oracle Home, the other under Middleware where I have JDeveloper installed.
If I try $ORACLE_HOME/jdk/bin/java -jar apex.war it throws a Unsupported class version so I tried with the Middleware jdk and it appeared to install.
I then went to http://localhost:8080/apex/listenerConfigure and entered the password for APEX_PUBLIC_USER and the info for a basic connection, it fails with the following message
Request could not be processed due to error:
Sat Apr 30 00:06:30 CAT 2011
ORA-00604: error occurred at recursive SQL level 1
ORA-01882: timezone region not found
Please if anyone can help me through asap this I would be most grateful

Yay, I found the solution:
I started by running:
begin
for v_rec in (select tzname,tz_offset(tzname) v_offset from v$timezone_names
where tzabbrev='CAT') loop
dbms_output.put_line('tzname '||v_rec.tzname||', offset '|| v_rec.v_offset);
end loop;
end;
SQL> /
tzname Africa/Khartoum, offset +03:00
tzname Africa/Windhoek, offset +01:00
tzname America/Anchorage, offset -08:00
tzname US/Alaska, offset -08:00
PL/SQL procedure successfully completed.
I then added -Duser.timezone="+01:00" before the apex.war ie
java –jar -Duser.timezone="+01:00" apex.war

ISE 1.2 - Dynamic Authorization Failed

Hello!
In my design network I use the ISE for CWA with a WLC, but when a client entrer his credentials, the CoA failed with this error : "11213 No response received from Network Access Device after sending a Dynamic Authorization request"
This error is really strange because I can contact the ISE from the WLC. My ISE, and my broadcasted network are in the same VLAN, is it possible that this error come from this network architecture?
My is is patched with the cumulative patch 7 and for information, I can do a "manual CoA" by disconnect/reconnect the client manually and after that the client has a network access.
Used configuration for ISE and WLC : http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
Thanks in advance if you have the least clue to resolve this issue.
Kévin

I will perform some additional testing and let you know my results. I have this setup in the lab now with ISE 1.2 Patch 7 as well.... Since I only have a couple of PC's in the lab, I've noticed that I am unable to terminate the users session manually. So I usually end up stopping and restarting the services. This is how i clear my live sessions.
Is your setup in a Lab or Production? If its in a lab can you restart ISE and your WLC. I know when I first did my "debug client <mac>" My airespace ACL was showing the incorrect ACL ID. After a reboot of ISE and recreating my WLC ACL it went away. I haven't noticed my service IP ever showing up in ISE. I usually see the users MAC address then a [email protected] "User Authentication" with his IP. Next its the WLC MNGT Interface and finally the User Authorization again show Authz Internet-Only.
My lab does not always function 100% so I am hoping after we go Live this weekend, these flaky issues go away. One of my problems is I don't have internet access. Just a web server hosting a web page. I'll keep notes on anything I find that hopefully assist you.

Java Applet in a HTML page: failing with PLS-00306: wrong number of args

We are trying to use a Java Applet in a HTML page. as our system needs to be able to retrieve a predefined set of data from a third party system that uses Dynamic Data Exchange Protocol (DDE) and are encountering errors from APEX and in IE itself.
We are using JavaDde from www.nevaobject.com that enables our Java applet to interact with Windows applications (Third Party System) using DDE.
This functionality is currently used in our Web Form 6i application and we are trying to use the same in the new ApEx application.
We are using ApEx version : 2.1 and actually aer encountering 2 problems:
Problem 1: ApEx failing with PLS-00306: wrong number or types of arguments in call to 'ACCEPT'
Problem 2: IE crashes if Applet used in a complex page with several regions (1 Context, 4 Report Regions, 2 level Tabs, Links)
This problem does not occur in the page where there is only applet and one region. In the case of complex page the IE crashes if the page is reloaded
Test scenario:
1- Create a simple page with the HTML region.
2- Define the Source of the above region as follows
<OBJECT CLASSID="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
CODEBASE="http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab#version=1,4,0,0"
WIDTH="1"
HEIGHT="1"
ID="simpleApplet"
NAME="simpleApplet">
<PARAM NAME="code" VALUE="simpleApplet.class" >
<PARAM NAME="archive" VALUE="simpleApplet.jar" />
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.4">
</OBJECT>
3- Create a simple Java applet "simpleApplet" - for the test its enough if the applet will have just the init method printing out the mesage to the console
4- Create a Submit Button (not redirect) in Region Header and create unconditional (do not set When Button Pressed property) Page Branch to navigate to another page (the page without the applet)
6- Run the page and Submit -
The error below is returned by the engine:
In our case our applet is called ddeApplet - I do not know why is ApEx passing the Applet's ID down to the wwv_flow.accept method as a parameter
Tue, 24 Jul 2007 08:15:39 GMT
ORA-06550: line 7, column 2:
PLS-00306: wrong number or types of arguments in call to 'ACCEPT'
ORA-06550: line 7, column 2:
PL/SQL: Statement ignored
DAD name: rbdev2_ax
PROCEDURE : wwv_flow.accept
URL : http://castor:7778/pls/rbdev2_ax/wwv_flow.accept
PARAMETERS :
============
P_FLOW_ID:
147
P_FLOW_STEP_ID:
500
P_INSTANCE:
6986070096861669560
P_PAGE_SUBMISSION_ID:
1005758
P_REQUEST:
CRASH
P_ARG_NAMES:
100380029717786501
P_T01:
147
P_T02:
101
P_T03:
5000044
P_T04:
1
P_T05:
S
DDEAPPLET:
Ddeapplet[panel0,0,0,1x1,layout=java.awt.BorderLayout,rootPane=javax.swing.JRootPane[,0,0,1x1,layout=javax.swing.JRootPane$RootLayout,alignmentX=null,alignmentY=null,border=,flags=385,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
P_MD5_CHECKSUM:
ENVIRONMENT:
============
PLSQL_GATEWAY=WebDb
GATEWAY_IVERSION=2
SERVER_SOFTWARE=Oracle HTTP Server Powered by Apache/1.3.19 (Unix) mod_fastcgi/2.2.10 mod_perl/1.25 mod_oprocmgr/1.0
GATEWAY_INTERFACE=CGI/1.1
SERVER_PORT=7778
SERVER_NAME=castor
REQUEST_METHOD=POST
QUERY_STRING=
PATH_INFO=/pls/rbdev2_ax/wwv_flow.accept
SCRIPT_NAME=/pls
REMOTE_HOST=
REMOTE_ADDR=192.168.66.169
SERVER_PROTOCOL=HTTP/1.1
REQUEST_PROTOCOL=HTTP
REMOTE_USER=
HTTP_CONTENT_LENGTH=661
HTTP_CONTENT_TYPE=application/x-www-form-urlencoded
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP_HOST=castor:7778
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-us
HTTP_ACCEPT_CHARSET=
HTTP_COOKIE=ISCOOKIE=true; LOGIN_USERNAME_COOKIE=rdanko; ORACLE_PLATFORM_REMEMBER_UN=RDANKO:ngrb; WWV_FLOW_USER2=70FBB00945FE46B9; V6_AUTHENTICATION_COOKIE=70FBB00945FE46B9
Authorization=
HTTP_IF_MODIFIED_SINCE=
HTTP_REFERER=http://castor:7778/pls/rbdev2_ax/f?p=147:500:6986070096861669560:::::
HTTP_SOAPACTION=

"theArrow",
It looks like whatever HTML you're including on your page is creating HTML input form elements inside the HTML form "wwv_flow". This form is posted to wwv_flow.accept, and of course, the PL/SQL procedure wwv_flow.accept doesn't know anything these additional arguments/form elements you're attempting to POST.
Joel

Authorization failed when trying to connect Hyperion to BW 7.0

Hello gurus,
Using Hyperion interactive Reporting Studio, I try to access BW cubes.
I select OLE DB as connection type and SAP BW OLE DB provider, I am prompted for a BW system to connect to.
I then get the following error message:
OLE Error: 80040e4d
Error Source: MDrmSAP.2
Error Desciption: Authorization failed.
Using the same BW provider and the same BW user, I am able to connect form Excel.
So I wonder what the problem is.
Help really appreciated.
Alex-

Hi Ingo,
I do not get any error while using the Universe Designer, I get this error when trying to connect a SAP BW related universe in Crystal Reports. There is no problem at all with WebIntelligence by the way. It is possible to connect a SAP BW related universe in WebIntelligence.
I use BO XI 3.0 with Crystal Reports 2008 and the SAP Integrations Kit client components are installed on the client machine.
Nevertheless the BO Enterprise system is not configured with SAP Authentification, but with an own authentification.
Best Regards,
Thomas

Problem with mutiple BAPI calls during the commit

Hi all,
I am trying to create accounts for a given partner i the transaction F9K1 using the BAPI BAPI_BKK_ACCNT_CREATE. After calling the BAPI I am committing it too.
The problem is if I try to create multiple accounts like RCA, ACA, MCA, IOE and so on, the first time the BAPI is called to create RCA account it is successful an it is even committing. When I call the BAPI to create the the ACA account the return table from the BAPI shows success message but the commit fails. If I restart the program and try creation of accounts now the RCA will throw a error msg saying account already exist, ACA account will be created and then the MCA account creation fails in the same manner explained above.
I see the issue is with multiple BAPI calls and I tried using all sort of methods like clearing buffers, start new task in local and wait command and all. But none of them seems to be working for me.
Can anyone please guide me on how I can overcome this problem.
Thanks.

BAPI :
BAPI BAPI_BKK_ACCNT_CREATE
Functionality
Use this method to create an account in Bank Customer Accounts. This method returns the following values:
Identification details for the newly created account such as the internal and the external account number, and the bank area details
A table containing error messages
To create an account by using this method, you must specify values for the import parameters Bank Area (BANKAREA) and Product (PRODUCTNAME).
Note: You must also specify a value in the External Account Number (EXTERNALACCOUNTNR) parameter if you have defined an external number range for the bank .
REgards,
Jayan.

Error http the request failed with http status 401: unauthorized

Hi,<o:p></o:p>
We are currently developing a Web Part for a
dashboard that connects from SharePoint 2010 to Project Server, we are trying
to connect via the PSI web service and fetch the project data but it is giving
the same error "The request failed with HTTP
status 401: Unauthorized". We are having a huge
issue with gaining authorization through the PSI and cannot figure out what the
problem is. We are using Project Server 2010, SharePoint 2010 and Visual Studio
2010.<o:p></o:p>
The person developing this has administrative
rights on both servers and it is running on his account. However, this is his
first experience with Project Server. Could some provide some guidance?<o:p></o:p>
Does anyone have any suggestions?<o:p></o:p>
Thanks,<o:p></o:p>
Aba
<o:p></o:p>

Hi,
Have the credentials been set for the web service? Or are you trying to pass the credentials of the user accessing the webpart? In the second case, the user must have permissions in project server
It would be useful if you can share the part of the code that fails
Paul

Fusion Apps web service call fails with error access denied (oracle.wsm.security.WSFunctionPermission)

Hello Guru,
I am trying to call a supplier service from SOA/OSB.
But while calling the service it is failing with the below error message
access denied (oracle.wsm.security.WSFunctionPermission http://xmlns.oracle.com/apps/prc/poz/suppliers/supplierService/SupplierService#getSupplierVO invoke)
As per OER cookbook i have attached the "oracle/wss_username_token_client_policy" to the Fusion apps web service.
I am trying to pass security credentials to the service by using all the methods... through composite ..through bpel through wsse header but in all cases i am getting similar error.
Please let me know if some one has called the fusion apps web service to create a supplier of solution to my problem as mentioned above.

Hi Sai,
Thanks for the quick and correct response. Yes, after doing the research, I'm also came to same conclusion. But what stops me here is that where exactly I need to check for this permission.
I mean the theory what I built on this Authorization/Permission is that:
For the resource - WebService (SupplierService), there is an assigned application role for which the Entitlement/Permission is provided.
Pls. help me in the below items:
a. What is the application role(in role hierarchy) assigned to this resource(Webservice). Which page I need to check(navigation) this and the required credentials..
b. What is the Entitlement provided for this application role for this operation (getSupplierVO) invoke.. Which page I need to check(navigation) this and the required credentials..
Thanks in Advance.
Thanks & Regards
Madhu

FusionApps web service call fails with error access denied (oracle.wsm.security.WSFunctionPermission)

Hi Gurus,
I started test this webservice from EM (Test Web Service)
But while calling the service it is failing with the below error message
access denied (oracle.wsm.security.WSFunctionPermission http://xmlns.oracle.com/apps/prc/poz/suppliers/supplierService/SupplierService#getSupplierVO invoke)
As per OER cookbook i have attached the "oracle/wss_username_token_client_policy" to the Fusion apps web service.
I am trying to pass security credentials to the service by using all the methods... through composite ..through bpel through wsse header but in all cases i am getting similar error.
Please let me know if some one has called the fusion apps web service to create a supplier of solution to my problem as mentioned above.
Is it any policy error or the authorization error ...
Are there any navigation steps I can check the existed permission on this resource etc..,
Thanks in Advance

Hi Sai,
Thanks for the quick and correct response. Yes, after doing the research, I'm also came to same conclusion. But what stops me here is that where exactly I need to check for this permission.
I mean the theory what I built on this Authorization/Permission is that:
For the resource - WebService (SupplierService), there is an assigned application role for which the Entitlement/Permission is provided.
Pls. help me in the below items:
a. What is the application role(in role hierarchy) assigned to this resource(Webservice). Which page I need to check(navigation) this and the required credentials..
b. What is the Entitlement provided for this application role for this operation (getSupplierVO) invoke.. Which page I need to check(navigation) this and the required credentials..
Thanks in Advance.
Thanks & Regards
Madhu

ISE Alarm (WARNING): Dynamic Authorization Failed for Device

Hi all,
I am posting this discussion as previous posts that I have found in this forum have never been resolved or the resolution is not applicable to me.
I am using ISE 1.1.1.268 and WLC 7.2.111.3 and NAC agent version 4.9.1.6 on Windows 7 Client machines.
About once a day i get the error "ISE Alarm (WARNING): Dynamic Authorization Failed for Device".
The device it is reffering to is my NAD, a WLC 5508 running 7.2.111.3
I have looked at the logs and I cannot see anything in the logs which correcponds to this message so that I can troubleshoot further. Maybe I can if I am enabling the correct logging level on the correct ISE component.
Can someone suggest the components and the logging level that I should set to get some more detail about this error?
At the moment, I have only set debug logging on Active Directory. I have TRACE logging set on Posture, Runtime AAA & prrt-JNI.
I do not want to enable too much debug logs, so I was wondering whether anyone can help with a specific element that I should be debugging.
I thought debugging the posture element would be enough but when I look at the logs there is nothing there that relates to this message.
Can anyone help?
thanks
Mario

Firstly, I wouldn't run a production deployment of ISE on 1.1.1.... 1.1.3 Patch 1 or 1.1.4 is the way to go.
Secondly, this error happen a lot, especially with Wireless, and it's not worth worrying about. I've had a couple of TAC cases opened for this and some similar errors, generally they're caused by a Client going to sleep, leaving the coverage area or otherwise leaving the WLC while ISE is trying to do something with it.
Only worry if you actually have a Client-impacting problem, which by the sounds of it, you don't.

5417 Dynamic Authorization failed

Hi guys,
Does anyone meet this Radius Error in Cisco ISE 1.2 and the switch 2960 12.2(55)SE7 ?
When i reauthentication the guest profile to the other profile using Radius CoA on the Self-Service Guest Workflow.
The error is :
Event
5417 Dynamic Authorization failed
Failure Reason
11103 RADIUS-Client encountered error during processing flow
Resolution
Do the following: 1) Verify shared secret matches on the ISE Server and corresponding AAA Client, External AAA Server or External RADIUS Token Server. 2) Check the AAA Client or External Server for hardware problems. 3) Check the network devices that connect the AAA peer to ISE for hardware problems. 4) Check whether the network device or AAA Client has any known RADIUS compatibility issues.
Root cause
RADIUS-Client encountered an error during processing flow
I checked all the resolution steps but the error sitll exsit.
I would greatly appreciate any help you can give me in working this problem

An internal error has been detected during the processing of an incoming RADIUS packet. Make sure that the client device is compatible with AD Agent, has been configured properly, and is functioning properly. Make sure that the same RADIUS shared secret has been properly configured, both in the client device and in AD Agent.
http://www.cisco.com/c/en/us/td/docs/security/ibf/setup_guide/ad_agent_setup_guide/ibf10_log_msgs.html

Dynamic Authorization Failed: DiconnectNAK

I have WLC 7.6 and ISE 1.2 Patch 6.
My use case is WLAN Guest Access with CWA. I have ISE Appliance 3395 (2 Admin/Mon, 2 PSN). Everything work fine so far.
But from time to time I get these strange message (it does not matter if I do a manual Session termination in the Operations Tab) Everything is configured in the right way, since normal CWA works (CoA is working fine, but not always...).
Here the corresponding Log-Entry:
0000001241 2 0 2014-02-28 11:11:37.241 +01:00 0000106595 5417 NOTICE Dynamic-Authorization: Dynamic Authorization failed, ConfigVersionId=53, Device IP Address=a.b.c.d, Device Port=42121, DestinationIPAddress=a.b.c.d, DestinationPort=1700, RadiusPacketType=DisconnectRequest, Protocol=Radius, RequestLatency=3, NetworkDeviceName=xx-WLC01, NAS-IP-Address=172.16.226.26, Calling-Station-ID=1C:AB:A7:96:7B:99, Acct-Session-Id=53105c2a/1c:ab:a7:96:7b:99/336136, Acct-Terminate-Cause=Admin Reset, Event-Timestamp=1393582297, cisco-av-pair=audit-session-id=ac10e21a00052f6953105f07, AcsSessionID=ise-04/182359788/9392, Step=11044, Step=11017, Step=11100, Step=11101, Step=11048, NetworkDeviceGroups=Location#All Locations#xx_VPN, NetworkDeviceGroups=Device Type#All Device Types#Wireless Devices#WLC Foreign, CPMSessionID=ac10e21a00052f6953105f07, EndPointMACAddress=1C-AB-A7-96-7B-99, Location=Location#All Locations#xx_VPN,
Has anybody ever had the same expirence, or is this a know issue?
Thanks for feedback!

Please go through the link below for best practice.
http://www.redelijkheid.com/blog/2013/4/2/cisco-ise-change-of-authorization-coa-not-working

Authorization fail with CATS Bapi's on InfoTypes

Similar Messages

Maybe you are looking for