Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CP Guest problems (Self Service Area and reset password)

This thread has been viewed 1 times

  • 1.  CP Guest problems (Self Service Area and reset password)

    Posted May 27, 2013 06:14 AM

    Hi,

     

    I got a problem with CP Guest and and the Self Service Area + reset password.

     

    I can create a user and log in, no problem. But when I try to go to the Self Service Area, I can logon, the page loads (I can see username, ip address) but after I can see an error page 310 "This webpage has a redirect loop".

     

    Same problem with the reset password, after I entered my username and click reset button, I am pushed to a page with the 310 error.

     

    Any idea ?

     

    ClearPass Guest 6.1.0.24441

     

    Regards

     

    Dimitri



  • 2.  RE: CP Guest problems (Self Service Area and reset password)

    EMPLOYEE
    Posted May 28, 2013 01:32 AM

    Dimitri,

     

    What version of CPPM are you using?

     

    Go to the plungin manager under "Home » Administration » Plugin Manager" click on ClearPass guest Services and in the logging drop down enable debugging.

     

    Try to rerunning the same process and see what errors if any are being posted. 

     

    Are you doing any customization of the web pages? Try just doing a plain guest self Reg with the self service enabled and see if you get the same error.



  • 3.  RE: CP Guest problems (Self Service Area and reset password)

    Posted May 28, 2013 02:03 AM

    Hi,

     

    CCPM version is 6.1.0.50820. 

     

    I will try to see debug and test with plain guest self reg and come back with more information.

     

    Thanks.

     

    Dimitri



  • 4.  RE: CP Guest problems (Self Service Area and reset password)

    Posted May 28, 2013 02:30 AM

    Here is 2 more things about this problem.

     

    First, if I do all this thru my internal network (I mean by reaching directly the IP of the CP server), it works fine. I can access the Self Service area, change my password and reset it.

     

    Secondly, if I do the same thru the Wi-Fi, I can logon and go to the web but no access to the Self Service area, password or reset. I can see this on the URL : .../guest/auth_login.php?target=%2Fguest%2Fsecurity_warning.php%3Fwarning%3Dcsrf

     

    And in CP Guest debug : Security Error: Detected a possible "Cross-Site Request Forgery (CSRF)" attempt

     

    Client:    Public IP:63209
Script:    /guest/guest_service.php
Function:  NwaValidateCsrfToken
Details:   array (
  'username' => NULL,
  'SERVER_ADDR' => 'Internal IP',
  'SERVER_PORT' => '80',
  'SERVER_NAME' => 'mycpserver',
  'SERVER_PROTOCOL' => 'HTTP/1.0',
  'REQUEST_METHOD' => 'GET',
  'SCRIPT_URI' => 'http://mycpserver.ch/guest/guest_service.php',
  'HTTP_HOST' => 'mycpserver.ch',
  'HTTP_REFERER' => NULL,
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36',
  'REMOTE_ADDR' => 'Public IP',
  'REMOTE_PORT' => '63209',
)

     

    Any idea about it ?

     

    Thanks

     

    Dimitri



  • 5.  RE: CP Guest problems (Self Service Area and reset password)

    EMPLOYEE
    Posted May 28, 2013 05:25 PM

     

     

    @Boxcar wrote:

    Here is 2 more things about this problem.

     

    First, if I do all this thru my internal network (I mean by reaching directly the IP of the CP server), it works fine. I can access the Self Service area, change my password and reset it.

     

    Is this on just a wired connection?

     

    Secondly, if I do the same thru the Wi-Fi, I can logon and go to the web but no access to the Self Service area, password or reset. I can see this on the URL : .../guest/auth_login.php?target=%2Fguest%2Fsecurity_warning.php%3Fwarning%3Dcsrf

     

    And in CP Guest debug : Security Error: Detected a possible "Cross-Site Request Forgery (CSRF)" attempt

     

    Client:    Public IP:63209
Script:    /guest/guest_service.php
Function:  NwaValidateCsrfToken
Details:   array (
  'username' => NULL,
  'SERVER_ADDR' => 'Internal IP',
  'SERVER_PORT' => '80',
  'SERVER_NAME' => 'mycpserver',
  'SERVER_PROTOCOL' => 'HTTP/1.0',
  'REQUEST_METHOD' => 'GET',
  'SCRIPT_URI' => 'http://mycpserver.ch/guest/guest_service.php',
  'HTTP_HOST' => 'mycpserver.ch',
  'HTTP_REFERER' => NULL,
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36',
  'REMOTE_ADDR' => 'Public IP',
  'REMOTE_PORT' => '63209',
)

     

    What are you using for WiFi?

     

     
    Typically the error you are see is releated to the certificate. You are presenting a page with a different value in the cert than what the client is seeing.  I will speak with engineering and see what I can come up with. 

     

     

    Any idea about it ?

     

    Thanks

     

    Dimitri


     



  • 6.  RE: CP Guest problems (Self Service Area and reset password)

    Posted May 29, 2013 02:09 AM

    Is this on just a wired connection?

     


    Right, it's on a wired connection but without Aruba devices.

     

    What are you using for WiFi?

     


    What do you mean ? And about the certificate, I use the one provide by Aruba.

     

    Thanks for your help.

     

    Dimitri



  • 7.  RE: CP Guest problems (Self Service Area and reset password)

    Posted Jul 02, 2013 05:17 AM

    A little up for this case. Troy, did you get the possibility to speak with engineers ?