ISE 1.1.1 - User Accept Policy keeps returning
Hello there
I have an ISE 1.1.1 setup, with a guest portal. The AD can be used to log onto this portal, and the Guest Portal Policy Configuration is on First Login.
However, every time a AD user logs in on the portal, he has to accept the User Accept Policy. Is this a bug? Or is there a configuration error?
Greetings
Steve,
It should be able to redirect users based on the username and device that they are authenticating from, if you look at the endpoint there is an attribute that is AUP specific once that is set to yes, the profiling database should have this flag set so it isnt redirected to the AUP after login.
In your authorization profile is the client being redirected to another authorization policy after CoA?
Please post screenshots of the authorization policy, the endpoint attribute, and the authentication events....
Thanks,
Tarik Admani
*Please rate helpful posts*
Similar Messages
-
OU Group Policy over-riding User Group Policy
I'm using ZfD 4.01 ir7 and have a restrictive Group Policy applied at the
OU level. I've created a less restrictive Group Policy and assigned it to
a user within the above mentioned OU but the settings are not
taking...the OU Group Policy is over-riding the user Group Policy. The
appropriate rights have been assigned and this configuration is working
for other users/OUs in the tree. I've run a dsrepair against this
partition and no errors were reported.
Any suggestions to resolve this would be greatly appreciated.
RyanPaulr,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Deny user based policy for a specific computer
I have a user based policy that deploys software for specific users when they log in to their Windows 7 workstations.
Some of these same users also have login access to a test server. I am trying to prevent the software deployment policies from being processed when users login to this test server. I have denied the 'read' and the 'Apply group Policy' security settings
to the test computer, but since it is a user based policy I believe these computer level denies are being ignored.
I have looked into loopback processing but I cannot grasp how it would fit in to my environment. Do I enable the loopback processing in the same policy that deploys the software?
Any suggestions?Use loopback merge in the policy of the software that I want to keep? Or in the Policy I want to deny?
I finally got it to work.
I moved the computer object to a new OU and blocked inheritance.<o:p></o:p>
I created a new policy that only has Loopback Policy enabled (replace).
I linked that new policy to the OU that has the test server.<o:p></o:p>
I removed any loopback processing settings from any other policies. I left them at 'Not Configured'.<o:p></o:p>
For the software I was trying to block I modified its security permission to read DENY for the computer object (Computer Name) of the test computer
. ('Apply group policy' was left blank).<o:p></o:p>
I then linked all other software deploy policies to this new OU and modified the security filtering from authenticated users to whichever users specifically
needed the software.<o:p></o:p>
Ran Gpresult /R /scope computer and verified that the only computer policy the server was receiving was my loopback policy<o:p></o:p>
Reboot test server.
<o:p>Thanks everybody for your help!</o:p> -
User Acceptance Client role setting
What are the pros and cons of setting the User Acceptance Test client role parameter to P (Production) rather than T (Test). I thought that it should be set to P to mirror the settings for the Production client. Note: settings found in T000 Table
If you set the client role to Production, then it will be counted as a productive client for licensing purposes by SAP. That could have a financial impact. Also, I think you are only supposed to have one productive client per installation number, though I don't know if this is an actual technical limitation.
You are correct that as a Test client there are a few things which will behave differently than in a Production client, but these are mostly immaterial for user acceptance testing purposes. For the vast majority of business functions, there will be no difference.
So, I would advise setting the client role to Test. Do set it to 'not modifiable,' however, so that changes are forced to be made via the transport system, the same as production, and thus generally keeping the configuration in better sync with Production.
--m -
Where do I get all SAP WM transaction codes for user acceptance test ?
Hello experts,
Where do I get all SAP WM transaction codes for user acceptance test during cutover activities?
I need the list of transactions.
Thanks in advanceHi,
You can download through Solution Manager also. If ASAP is installed in your computer, you can download all the standard transactions, otherwise let me know your id, i will send it to you.
Aktar -
How to get user input to keep in array in the form of int[]?
I really want to know how to get user input to keep in an array. Or if it's impossible, can i use the value in "int" and transfer it to an array?
What I understand is that you want to set an input from the user in an array of int.
Here is how it work:
1. Create a stream and a buffer to get and store the informations entered by the user:
BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
2. Set this input in a String:
String input = stdin.readLine();
3. Set this string in an int:
int userInput = Integer.parseInt(input);
4. Then you can put this int in the array.
Warning this code throws IOExceptions and NumberFormatException ( when you try to set letters as int ). But you can catch them easily. -
User acceptance testing in multi-tenant setup
How do most people do their User Acceptance Testing/QA on the Staging environment given that the availability is not guaranteed?
Yes, Even We tried logging a Service Request to refresh our CTE environment back to vanilla flavor.Which we used for lot of demo purposes. But they told that they don't refresh the CTE environment user has to take care of. And you don't get back the out of the box funcltionality.
-
Application User Passsword Policy
Hi,
I am using Oracle APPS 11i.
How can I incorporate Special character as mandatory in Application user Password policy.
ThanxCheck Note: 362663.1 - How to implement (Signon Password Custom) Profile Option in Oracle Applications 11i
https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=362663.1 -
Anyone help with linking a bank account to your apple id. The form wants a phone number I only have a UK mobile number and it doesnt sem to want to accept it keeps l;ooping me back to entering a phone number.
If you are trying to setup a charge card number on the Apple Store - make sure you are in the Correct country site - icon bottom right last time I saw it - where you can change country.
-
ASA auth-prompt prompt Please login: doesn't display the âuser acceptance a
The following example shows the output of the show running-config auth-prompt command:
hostname(config)# show running-config auth-prompt
auth-prompt prompt Please login:
auth-prompt accept You're in!
auth-prompt reject Try again.
hostname(config)#
I have to have a âuser acceptance agreementâ when logging in to VPN on a Cisco ASA 5520 ver7.2(3) I have configured it properly but when I login I never get the prompt
XXXXXX/pri/act# show running-config auth-prompt
auth-prompt prompt Please login:
auth-prompt accept You're in!
auth-prompt reject Try again.We are using the ASA like a VPN Concetrator. I have it set up were users login to it and establish a VPN and authenticate against an RSA token server.
The routing and the tunnels work fine and the users do get authenticated but they never receive a propmt banner or what ever you want to call it like they do when they logon via 3030 or similar.
I even tried as you suggested and used this config they should get a banner after a successful logon but they dont. Any ideals?
banner login =====================================================================
banner login You are attempting to connect to a restricted system. Connections
banner login to and from this system are logged. Please disconnect now if you
banner login are not an authorized user of this system.
banner login ===================================================================== -
Customizing User Name Policy OOTB Plugin
Hi
I want to use the User Name policy generation plugin to generate the user id for an oim user. But the requirement is that we have to create the User ID with Preferred Name(not with first name) and Last Name and the issue is that in the code we cannot get the attribute other then the attribute coming in the HashMap. So the question is , Is there any way in which we can pass this UDF to that hashmap or can get the value in the code?
Please note Preferred name is a UDF and coming from the trusted Source.
Thanks in AdvanceMaybe i've partially solved the issue, I've noted that during the user creation procedure the username field is mandatory in the for so I must specify a value.
Maybe the validation procedure of the OOTB username policy returns alway a true value so the field is always converted in UPPERCASE and the username generation rule is never called
How can i set a non mandatory account name field ? -
PAC Provisioning Fails Without End-User Accepting PAC Pop-up
We have lots of workstation on wheels. We use EAP-Fast with Cisco ACS for authentication. When a user isn't in front of the WOW and the PAC pop-up times out, it disables the WOW and causes problems.
Has anyone used some form of auto-accept method with the Intel PRO-Set so as to not require end-user acceptance of the PAC pop-up message?The provisioning of the Machine PAC, which is needed for machine context connections, is accomplished using the server certificate or machine security identity (SID). Machine PACs are only supported in newer versions of authentication servers (ACS 4.0 or later) which have been upgraded to support EAP-FAST v1a.
To make a make a machine connection before the PAC has been provisioned, the CA certificate used to trust the server certificate must be placed in the proper Windows Certificate Store (Local Computer-Trusted Root Store).
The host must also provide these machine credentials:
â¢Active Directory provided machine certificate. The authentication method must support the use of a certificate to provide machine client credentials - the server must be appropriately configured to call for an inner tunnel method of TLS.
â¢Active Directory provided SID (password). The authentication method must support the use of a password to provide machine client credentials.
Finally, the FAST authentication server must be configured for auto creation of administrator's unique machine PAC information.
http://www.cisco.com/en/US/docs/security/cta/2.1.103.0_supplicant/admin_guide/ctaSuppl.html#wp1026518 -
LMS 4.2 compliance reports for the User-Defined Policy Groups.
Dear team,
I need your help to know if i will be able to export compliance reports in PDF or CSV for the User-Defined Policy Groups.
I have checkedk the reports tab and i was able to export compliance reports in PDF format inly for the system defined policies but i couldn't i find any option to export these reports for the a user defined compliance policy.
Kindly let me know if this is possible.
Regards,
MuhannadDears,
Do anyone have an idea about this question?
Regards,
Muhannad -
Doubt regarding User Name Policy
Hi,
I have a requirement where I have to generate User Login based on First Name,Last Name and Employee Number(Employee Number generated in pre-process event handler). We have trusted recon in place. So. I opted for User Name Policy. I have written custom code and implemented it as per instructions in Article ID:[ID 1228035.1].
But when I create a User through UI, User name policy is getting triggered ahead of Employee Number pre-process handler. And as a result, Employee number is generated as NULL. How can I change this order of triggering between User Name policy and Employee Number pre-process handler?
Also how exactly is this User Name policy triggered? Is it an event handler? If it is a pre-process event handler, how will it trigger for trusted recon as trusted recon supports only post-process event handlers?
Thanks
DPKHi,
Any suggestions on this please. -
User group policy turns "display last user" to "ON"
Hello to all,
I distribute a simple local user group policy to turn off the "Action Center" at the System tray.
Every time I do this, the "last...Search policy includes groups.
User is only in one group.
Still the same problem.
The tree is very simple, one O and one OU. All policies and users are in
the OU.
Ian
"Ian Russell" <[email protected]> wrote in message
news:hn_Tc.3065$[email protected]..
> Hi Craig,
>
> I will check that out. It may be the multiple group membership that is
> causing the problem....
>
> "Craig Wilson" <[email protected]> wrote in message
> news:[email protected]..
> > 1) Check to make sure you have a search policy defined and that search
> policy
> > includes groups.
> >
> > 2) Make sure that ONE and only ONE group a user is assigned to has a
> policy
> > assigned. Multiple Group Memberships that contain policies will result
in
> > seemingly random results. Due to the complex nature of events when
users
> belong
> > to multiple groups that contain policies, Novell actually recommends
> against the
> > use of policies for groups. It can be done, but just be sure the limit
is
> > maintained.
> >
> > Ian Russell wrote:
> >
> > > Hi,
> > > I have ZfD3.2 (SP3) on a NW 6.0 (SP5) server. The user group policy
does
> not
> > > get applied to members of a NetWare group. If I apply it to a user
> object it
> > > works.
> > > Any ideas?
> > > Ian
> >
> > --
> > Craig Wilson
> > CNE3, 4, 5 - MCSE - CCNA
> > NSC Sysop (http://support.novell.com/forums/)
> >
> > Tech Writer - http://www.ithowto.com
> > (I Peter 4:10)
> >
> >
>
>
Maybe you are looking for
-
My 4th Gen iPod Nano isn't displaying a "Use iTunes to restore" message, but iTunes is displaying a restore message when I connect it. I have original music that I can't back up on my iPod. Is there any way that I can fix the iPod without restoring i
-
Ipod Classic Buffer Overload with apple lossless
My 160GB Classic occasionally pauses or stalls for a few seconds much like the buffer is overloaded and is reloading. The pause is intermittent (never the same place in same song), it lasts about 2 seconds then the song resumes right where it left of
-
Hi. I am trying to do a little film out of some still images I shot recently. However, after importing these images into final cut they all look blurry. When I am doing the same in imovie, I get a good result. What is the problem? How can I fix it? T
-
I have a G4, 400mhz, 512mb ram, OS9, that I want to install OS 10.4.6 onto. What is the best way to go about this from square one to avoid any problems that it may come about? Any help would be appreciated.
-
USB Connection failed or broken - power problem?!?
Hi, I had problems with Windows and my iPhone. First it sometimes did not find the iPhone. I checked all the drivers as described on the Apple page, but everything was OK. I deinstalled iTunes and reinstalled it: still no connect. I booted several ti