AAA, NAC, Guest Access & BYOD

SSO Login to Guest Network not working on ClearPass after Upgrade from 6.5.x to 6.6.x or later

Aruba Employee
Problem:

After upgrading to 6.6.x or later from 6.5.x or earlier, SSO login to the guest network or login as guest operators using SSO stops working



Diagnostics:

The issue occurs because starting from Clearpass version 6.6.x onwards the SSO login is separated between Operator login to Guest/Onboard application  and Network Web Login access for Guest/Onboard.

The option for enabling  SSO as it appears on 6.5.x

 

 

Options as they appear for enabling SSO on 6.6.x

 

 

As you can clearly see we now have two separate options on 6.6.x one for Operator Logins and the other for Guest Web Login access.

Because we have to distinguish between the SSO login requests for Guest Login and Operator login the requests now come in with different Application:Name attribute.



Solution

The solution for this is to have a service that handles the SSO authentication requests that come in for both Guest and Guest Operators

 

The Application:Name in the incoming authentication request for Guest SSO requests

 

 

The Application:Name in the incoming authentication request for Operator login SSO

 

As we can see the attribute for Service Categorization between operator login sso requests and guest web login sso requests is different.

 

We need to make sure that we modify our services to handle both these requests if we have SSO enabled for both Operator login and Guest Web Login so that everything starts working.

 

 

Version history
Revision #:
2 of 2
Last update:
a week ago
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: