AAA, NAC, Guest Access & BYOD

ClearPass captive portal integration with Meru controller

by ‎06-23-2015 02:21 PM - edited ‎06-23-2015 02:21 PM
Requirement:

When we try to integrate Meru controller for an external captive portal page with ClearPass and select the Vendor setting option in the web-login/self-reg page to Meru Networks, it does not work. This article explains about the settings required on CleaPass to make it work.



Solution:

Screenshots below are default setting (web-login/self-reg) pages.

OR

With the above settings you will find that the captive portal redirection/authentication is not working. So we need to make some configuration changes in the web-page.



Configuration:

To make it work, instead of selecting the Vendor setting option in the web-login/self-reg page to Meru Networks, do the following:

 

  • Select the Vendor Settings : Custom Settings
  • Submit URL as : https://{$h}/vpn/loginUser
  • ​Submit Method : POST
  • Username Field : userid
  • Password Field : password
  • Password encryption : No encryption
  • Extra Fields : url = ($url)

 

Also entering the login page URL on the Meru Controller, as the ClearPass Guest portal page (web-login/self-reg) might not work.

 

So the login URL that you need to set on Meru Controller would be "https://<hostname of contoller>/vpn/loginformWebAuth.html". The required code for the "loginformWebAuth.html" is mentioned below.

 

The Meru controller requires the following files added to their captive portal configuration.

 

loginformWebAuth.html:
<html>
<head>
  <title>Authentication Proxy Login Page</title>
</head>
<body>
<!--
  Replace [Login Link] below in the `var redirectUrl` line to the URL of the guest portal.
  Make sure you leave the "?url=^url^&switchip=" + host;" string at the end of the URL as this
  is how the clearpass login page knows which Meru controller to send the authentication
  request back to.  This also passes the original URL so we know were to send the user
  after they authenticate.  Working example:

  var redirectUrl = "https://clearpass.example.com/guest/guest_register.php?url=^url^&switchip=" + host;
-->
  <script type="text/javascript">
    var host        = window.location.hostname;
    var redirectUrl = "[Login Link]?url=^url^&switchip=" + host;
    document.write("<p>Redirecting... continue <a href=\"" +redirectUrl + "\">here</a></p>");
    location.href   = redirectUrl;
  </script>
  <noscript>
    <p>JavaScript is required to use this portal.</p>
  </noscript>
</body>
</html>

auth_web_ok.html:
<html>
<head>
  <title>Authentication Successfull</title>
  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  <meta http-equiv="REFRESH" content="0; url=^url^">
</head>
<body>
  Redirecting...
</body>
</html>



Verification

After making the configuration changes we saw that now captive portal redirection and authentication was working fine.

Comments
MVP MVP

Hi esupport,

 

Were you able to get MAC Caching to work on the Meru Controller with ClearPass?

 

Thanks!

 

-Mike

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.