Field Notice: FN - 63635 - Cisco Identity Services Engine - Database Corruption When Google Chrome Is Used With The Administrative User Interface - Workaround Provided

Available Languages

Updated:October 11, 2017

Document ID:FN63635

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	10-Apr-13	Initial Release
10.0	11-Oct-17	Migration to new field notice system

Products Affected

Affected OS Type	Affected Release	Affected Release Number	Comments
NON-IOS	1	1.0,1.0MR,1.1,1.1.1,1.1.2,1.1.3

Defect Information

Defect ID	Headline
CSCuc48613	Google Chrome can cause re-ordering of Authorization Policy rules

Problem Description

Google Chrome is not a supported browser for use with the Administrative User Interface of the Identity Services Engine (ISE), Version 1.1.3 and earlier.

If an authenticated admin user uses Google Chrome to edit the Authorization Policy rules on the policy page, this might result in an incorrect order of policy rules; this incorrect order might impact authorization of end users.

This issue is limited to authenticated admin users with permissions to manage ISE polices. This issue does not apply to end users that use Chrome for web authentication for network access.

Background

In ISE Version 1.1.3 and earlier, use of Google Chrome to edit Authorization Policy rules when 11 or more rules exist might cause the policy rank to be incorrectly reordered. In order to restore the correct order, the Technical Assistance Center must execute SQL scripts on the affected ISE node.

Problem Symptom

Ordinarily, Authorization Policy rules are in order above the default rule. After the rules are edited and saved, they are out of order and might even be below the default rule.

Workaround/Solution

Do not use Google Chrome with the ISE Administrative User Interface. If Google Chrome is used and the symptoms described in this field notice are present, contact the Technical Assistance Center in order to correct the order of the Authorization Policy rules on the policy page and correct the associated database.

This is a list of supported Administrative User Interface browsers: http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html#wp60720

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Identity Services Engine Software