INC-2026-02-14-001: ISE SAML SSO Restoration

Incident Summary

Incident ID:  INC-2026-02-14-001
Severity:     Medium (Admin access impacted)
Detection:    2026-02-14 ~18:00
Resolution:   2026-02-14 ~19:30
Duration:     ~90 minutes
Status:       Resolved

Executive Summary

ISE Admin Portal SAML SSO authentication with the Keycloak IdP was successfully restored after the ise-02 backup was restored to ise-01. All configuration changes were performed via the Keycloak REST API; no GUI interaction was required.

Timeline

Time     Event
~16:00   Restored ise-02 backup to ise-01 (ISE 3.4 → ISE 3.4)
~17:30   Attempted SAML login - redirect loop detected
~18:00   Identified root cause: Keycloak SAML client redirect URIs point to ise-02
~18:15   Downloaded ISE SP metadata (keycloak_01.zip)
~18:30   Extracted Entity ID: CiscoISE/a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8
~18:45   Verified Keycloak client exists with matching Entity ID
~19:00   Updated Keycloak client via REST API (ise-02 → ise-01)
~19:15   Tested SAML login - SUCCESS
~19:30   Documented resolution
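The ~18:30 to ~19:00 steps (extract the Entity ID, confirm the matching Keycloak client, repoint it from ise-02 to ise-01) as an added Python example; it is not the set of commands used during the incident. Only the Entity ID is from this report: the FQDNs, port, ACS path, client UUID and attribute values are constructed sample data.

```python
import copy
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ENTITY_ID = "CiscoISE/a486c6ef-6c77-4bc1-bf6d-4e479b3aeae8"  # from the report
# Constructed sample data: FQDNs, port, ACS path and client UUID are assumptions.
SP_METADATA = f"""<md:EntityDescriptor entityID="{ENTITY_ID}"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:SPSSODescriptor>
  <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://ise-01.example.com:8443/portal/SSOLoginResponse.action"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
ACS_OLD = "https://ise-02.example.com:8443/portal/SSOLoginResponse.action"
KC_CLIENT = {"id": "00000000-0000-0000-0000-000000000000", "clientId": ENTITY_ID,
             "protocol": "saml", "redirectUris": ["https://ise-02.example.com:8443/*"],
             "attributes": {"saml_assertion_consumer_url_post": ACS_OLD,
                            "saml.force.post.binding": "true"}}

def parse_sp_metadata(xml_text):
    """Return (entityID, [ACS URLs]) from the SP metadata exported by ISE."""
    root = ET.fromstring(xml_text)  # own ISE export; use defusedxml for untrusted XML
    acs = [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]
    return root.get("entityID"), acs

def swap_host(url, old, new):
    """Replace the hostname only on an exact match; keep scheme, port and path."""
    parts = urlsplit(url)
    if parts.hostname != old:
        return url
    netloc = new if parts.port is None else f"{new}:{parts.port}"
    return parts._replace(netloc=netloc).geturl()

def covered(acs_url, redirect_uris):
    """Exact URI match, or prefix match when the pattern ends in '*'."""
    return any(acs_url == u or (u.endswith("*") and acs_url.startswith(u[:-1]))
               for u in redirect_uris)

def plan_update(client, xml_text, old, new):
    """Build the body for PUT /admin/realms/{realm}/clients/{id}; raise on mismatch."""
    entity_id, acs_urls = parse_sp_metadata(xml_text)
    if client["clientId"] != entity_id:
        raise ValueError("Keycloak clientId does not match SP entityID")
    updated = copy.deepcopy(client)
    updated["redirectUris"] = [swap_host(u, old, new) for u in client["redirectUris"]]
    updated["attributes"] = {k: swap_host(v, old, new) for k, v in client["attributes"].items()}
    missing = [a for a in acs_urls if not covered(a, updated["redirectUris"])]
    if missing:
        raise ValueError(f"ACS URLs not covered by redirectUris: {missing}")
    return updated
```

Matching on the parsed hostname rather than a substring keeps similarly named hosts untouched, and the final coverage check fails the change before it is sent if the rewritten redirect URIs still do not admit the ACS URL that ise-01 advertises.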

Impact

  • ISE Admin Portal SAML SSO unavailable for ~90 minutes

  • Local admin account (admin) remained available as fallback

  • No impact to RADIUS/802.1X authentication

  • No impact to pxGrid, ERS, or OpenAPI services

Metadata

Field          Value
Incident ID    INC-2026-02-14-001
Author         Evan Rosado
Date Created   2026-02-14
Status         Resolved
Category       Identity / SAML SSO