Security

Reply
Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

ClearPass Guest URL redirect following logon

I've setup ClearPass Guest with a simple Web Login page that clients get redirected to by an Aruba captive portal profile.

 

All is working as expected with iPhones and an old Android device using stock browser - clients get redirected to the original page they were trying to browse to with no issues.

 

Google chrome on android device, and IE 11 on Win 7 attempt to redirect the client to the originally requested URL, however they are appending '&arubalp=<various hex> and the client receives a 'Page not found' error.

 

Has anyone seen this behaviour before? Is there a known solution?

 

MVP
Posts: 371
Registered: ‎01-14-2010

Re: ClearPass Guest URL redirect following logon

Hi chrispchikin,

 

What role does the user have when they authenticate? I assume that this is different than your captive portal role?

 

-Mike

Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Guest URL redirect following logon

Yes different roles, post authentication is effectively the allowall role.

 

Strange thing is, it doesn't always happen...

MVP
Posts: 371
Registered: ‎01-14-2010

Re: ClearPass Guest URL redirect following logon

Hi chrispchikin,

 

Can you share your Role Mapping and your Enforcement Policy tabs for this service?

 

Also, what version of ClearPass are you currently running?

 

-Mike

Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Guest URL redirect following logon

Details below:

 

Role Mapping.png

Enforcement Policy.png

Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Guest URL redirect following logon

CPPM version is 6.5.3.76733

MVP
Posts: 371
Registered: ‎01-14-2010

Re: ClearPass Guest URL redirect following logon

What is the default role for the Captive Portal profile in Aruba OS? Also, what Aruba user role is set by your "IP-Guest Guest Profile" Enforcement Profile?

 

-Mike

Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Guest URL redirect following logon

 

 

The Guest enforcement profile sends a 'Guest-authenticated' user role attribute which is effectively the allowall role.

 

Default role in captive portal profile is denyall.

 

 

MVP
Posts: 371
Registered: ‎01-14-2010

Re: ClearPass Guest URL redirect following logon

Have you tried to remove the MAC address entry for the iPhone and the Android device from the Endpoints Repository? I would then remove the entry from the user-table on the controller. This will effectively zero out the IPhone and Android device and it will start the process from scratch. At that point, can you go through the process and see if you get presented a portal page?

 

Thanks!

 

-Mike

Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Guest URL redirect following logon

Yes, been having to do that in order for the devices to not just be MAC authenticated.

Search Airheads
Showing results for 
Search instead for 
Did you mean: