07-29-2016 12:54 PM
I've gotten some tickets from users who are attempting to access our captive portal SSID, and when the CP redirect occurs they are sent to https://www.google.com. When this happens, they get a cert error and cannot proceed to the logon page unless they attempt to go to an http page instead. It appears that Google Chrome has removed the ability to set a homepage manually in version 51.0.2704.81. It seems in this new version the default page when opening a new tab is https://www.google.com or a blank page showing your most recent/viewed pages.
I see there is an option under the Authentication -> L3 Authentication -> Captive Portal section called "Use HTTP for authentication".
I am wondering if enabling this feature would solve the above scenario. Short of telling users to use a different browser, that is.
07-29-2016 03:55 PM
You could do that, but guest credentials will be sent in the clear.
One thing you can try is to create a redirect page inside ClearPass that redirects to your self-reg/weblogin.
Point the controller to that initial redirect page using HTTP.
07-29-2016 03:59 PM
Well the guest credentials are simply their email address with no validation. So I'm not sure if that is a huge security concern. If enabling this feature would bypass the redirection to https://www.google.com than we may go ahead and do that.
07-30-2016 04:16 AM
Check this blog post for the why and how; and some suggestions for a workaround.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).