Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

CP OnBoard not redirecting to portal on single SSID

Hello, I configured a Single-SSID onboarding solution for a demo, Im using ClearPass 6.6.0.81015 and an Aruba 7005 as the controller.

The user connects with credentials stored in the CP local DB to the SSID and once the web browser is opened it attempts to redirect to "https://<cp>/guest/device_provisioning.php" but after a few seconds it shows the "this page can't be viewed" (IE) or "ERR_TOO_MANY_REDIRECTS" (Chrome) error.

 

Access Tracker shows an ACCEPT login status so, where could the issue be?

 

Here is my Onboard configuration information:

  • Oboard is configured as Root CA.
    • Aruba Local Cert Auth.
  • Onboard Network Settings:
    • Network name: Segura Empleados.
    • SSID CP_Onboard configured.
    • Auto join checked.
    • TLS as Windows auth protocol.
    • Machine and user as Certificate store.
  • Onboard Config Profile Settings:
    • Networks: Segura Empleados.
  • Onboard Provisioning Settings:
    • name: Aprovisionamiento de dispositivos xxxxx.
    • Organization: xxxxx.
    • Cert Authority: Aruba Local Cert Auth.
    • Configuration Profile: Default.
    • Supported Devices: Win devices enabled.
    • Web login page>name: device_provisioning
    • Onboard Client>Provisioning Address: <ip of clearpass>(Management Port).
    • Validate Certificate: No, do not....

Onboard Services on ClearPass:

  •  3 enforcement profiles:
    • Pre provisioning with Aruba controller firewall role of BYOD-Provision.
    • Post provisioning with Aruba controller firewall role of authenticated.
  • 3 enforcement policies.
  • 3 services.
  • 1 role mapping policy.

Controller configuration:

 

Any help would be greatly appreciated. Thank you

Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CP OnBoard not redirecting to portal on single SSID

you need to add the clearpass IP to the logon role
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 447
Registered: ‎11-04-2011

Re: CP OnBoard not redirecting to portal on single SSID

What is happening is that the requests going to your ClearPass server are redirected as well, that results in a redirect loop. As Troy mentioned, you need to create an exception to allow traffic to ClearPass without redirection in the role that users are in when they need to onboard.

 

Check this article https://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Preventing-too-many-browser-redirects-during-guest-access/ta-p/17173, then the second half is how to configure your controller.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: CP OnBoard not redirecting to portal on single SSID

Thank you Troy! I followed the steps on a Lab guide but the controller was preconfigured so I had to figure out what to do on that part.

Occasional Contributor II
Posts: 11
Registered: ‎11-22-2016

Re: CP OnBoard not redirecting to portal on single SSID

Thank you Herman, the link you provided was really helpful, my service is now redirecting to the portal.

Search Airheads
Showing results for 
Search instead for 
Did you mean: