Security

I've gotten some tickets from users who are attempting to access our captive portal SSID, and when the CP redirect occurs they are sent to https://www.google.com.  When this happens, they get a cert error and cannot proceed to the logon page unless they attempt to go to an http page instead.  It appears that Google Chrome has removed the ability to set a homepage manually in version 51.0.2704.81.  It seems in this new version the default page when opening a new tab is https://www.google.com or a blank page showing your most recent/viewed pages.

I see there is an option under the Authentication -> L3 Authentication -> Captive Portal section called "Use HTTP for authentication".  

I am wondering if enabling this feature would solve the above scenario. Short of telling users to use a different browser, that is.

You could do that, but guest credentials will be sent in the clear.

One thing you can try is to create a redirect page inside ClearPass that redirects to your self-reg/weblogin.

Point the controller to that initial redirect page using HTTP.

Well the guest credentials are simply their email address with no validation.  So I'm not sure if that is a huge security concern.  If enabling this feature would bypass the redirection to https://www.google.com than we may go ahead and do that.

Thanks!

You are not redirected to www.google.com; www.google.com is redirected to your captive portal and that is causing the warning.

Check this blog post for the why and how; and some suggestions for a workaround.

Herman