01-10-2017 04:29 PM
Hello, I configured a Single-SSID onboarding solution for a demo, Im using ClearPass 126.96.36.199015 and an Aruba 7005 as the controller.
The user connects with credentials stored in the CP local DB to the SSID and once the web browser is opened it attempts to redirect to "https://<cp>/guest/device_provisioning.php" but after a few seconds it shows the "this page can't be viewed" (IE) or "ERR_TOO_MANY_REDIRECTS" (Chrome) error.
Access Tracker shows an ACCEPT login status so, where could the issue be?
Here is my Onboard configuration information:
- Oboard is configured as Root CA.
- Aruba Local Cert Auth.
- Onboard Network Settings:
- Network name: Segura Empleados.
- SSID CP_Onboard configured.
- Auto join checked.
- TLS as Windows auth protocol.
- Machine and user as Certificate store.
- Onboard Config Profile Settings:
- Networks: Segura Empleados.
- Onboard Provisioning Settings:
- name: Aprovisionamiento de dispositivos xxxxx.
- Organization: xxxxx.
- Cert Authority: Aruba Local Cert Auth.
- Configuration Profile: Default.
- Supported Devices: Win devices enabled.
- Web login page>name: device_provisioning
- Onboard Client>Provisioning Address: <ip of clearpass>(Management Port).
- Validate Certificate: No, do not....
Onboard Services on ClearPass:
- 3 enforcement profiles:
- Pre provisioning with Aruba controller firewall role of BYOD-Provision.
- Post provisioning with Aruba controller firewall role of authenticated.
- 3 enforcement policies.
- 3 services.
- 1 role mapping policy.
- Security>Access Control> User Roles>BYOD-Provision
- Captive Portal Profile: Onboarding.
- Authentication>L3 auth>Captive Portal Auth>Onboarding
Any help would be greatly appreciated. Thank you
Solved! Go to Solution.
01-10-2017 04:46 PM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
01-10-2017 11:54 PM
What is happening is that the requests going to your ClearPass server are redirected as well, that results in a redirect loop. As Troy mentioned, you need to create an exception to allow traffic to ClearPass without redirection in the role that users are in when they need to onboard.
Check this article https://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Preventing-too-many-browser-redirects-during-guest-access/ta-p/17173, then the second half is how to configure your controller.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).