Security

For a guest solution, I have

- 1 x Web Login page (Page 'a')

- 1 x Web Login page (Page 'b')

Based on successful auth and submission on Page 'a' I need one expire time set to guest account created.

And a different altogether for Page 'b' submission.

In Guest Manager I can see 'Modify Expiration Options'

I've set two types here,

'today 1730'

'3m' (was no other example of 'month' in the list.. so im hoping the system can parse 'm' and denote is as 'months' ?)

Would I would like to do is tie these two different variables and enact them (as hidden field in the page, with initial value set perhaps) on web login submission.

Thoughts anyone ?

It is not fully clear to me what you want to do. The expiration (date) is set during the creation of the guest account, not on the Web login page. The Web login page just authenticates the user. Also if you are using the 'expire_after', which allows you to provide for example 10 hours of access after first login, is set during the account creation.

You create guest accounts either in the ClearPass Guest WebUI by an administrator, or you let people create their own guest account in a Guest Self-Registration workflow. 

Or are you asking about the re-authentication timeout, that guests that login on page 'a' need to re-authenticate after x amount of time and guest that login on page 'b' need to re-authenticate after y amount of time?

Can you please clarify what you try to achieve? Maybe with an example of the used/desired workflow?

Simple.

Guest Web login page for 'VISITORS' login to one web login page (based on auth details with scratch cards).  Expiry one value.

Separate guest web login page for 'RESIDENTS', (based on auth off a SQL DB).  Expiry a different value.

Each login success off different web login page's, to evoke guest creation but with different expiry periods.

In that case you only need a single guest login page. If a visitor logs in, he is authenticated to the guest user database where you set the expiration on the account when you generated the scratch card.

If you have the same authentication service authenticate also to your SQL database, residents can log in as long as the SQL database allows them access.

The account expiration is done in the authentication source, not in the Web login page.

If you really want two different Web login pages, that can be done, but is is not required and in most cases more difficult for the end-user.

There are no accounts created from a Web login page.

Please try to contact your Aruba partner or Aruba TAC as they can work with you interactively to find out what is needed and help you configure it.

Understand there are no accounts created from a web login page.

But I need differentiating logic from a successful form submit/login from one web login versus another... ideally...rather than a single page....

I can redesign it to be one page....  (Where authenticate source is both Guest DB (via scratch cards) as well as SQL DB).. if I can differentiate expire time based on auth source instead.

I'll work with Aruba TAC and see what pivoting we can based on different web login page.. and provide the solution against this thread when I get it...