09-22-2013 06:56 PM
I have a IAP guest SSID working with Clearpass Guest however when I enable HTTPS redirection in Clearpass, clients encounter a redirect loop and are unable to authenticate.
I've also tried sending sending clients direct to httpsby changing the captive portal port to 443 however the IAP fails to use SSL for the connection. You cannot enter a fully qualified captive portal URL in IAP unlike the method used in the regular controllers.
Can IAPs support a https captive portal?
Solved! Go to Solution.
09-22-2013 07:41 PM
So with the https requirement disabled in Guest->Configuration->Authentication, and IAP config set to port 80 I do get the logon page.
If I change the captive portal port in IAP to 443 and a redirect loop on the client.
If I leave the captive portal port setting at 80 then clearpass sends a HTTP 302 to redirect to https and I get a redirect loop on the client.
09-24-2013 12:27 PM
Sounds like a config issue with the certs/public cert...or OSCP check from the client.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
09-24-2013 03:09 PM
So it's the exact same client and clearpass config being used for a captive portal via a 7210 controller - and that works.
When a client is redirected from an Instant VC we encounter the problem.
In the 7210 you specify a https URL directly. In IAP you don't seem to be able to, so Clearpass Guest has been set to do it via
Configuration->Authentication->Require HTTPS for guest access. When this is unticked, captive portal from the IAP works.
A redirect loop kind of makes sense, since the VC is redirecting any http from the client, and then clearpass tries to redirect the client to https, which is then redirected to http via the VC and so on..
09-24-2013 05:16 PM
Well the issue is still there, I've just been describing the problem in a bit more detail.
Instant should be able to handle redirection by clearpass as per ArubaOS.