Security

Reply
New Contributor

ClearPass + "Single Sign-On" Link in SMS Receipt

Hello everyone,

 

I have setup Clearpass to provide a captive portal which will require the guest to input his name and phone number to access the network. The generated credentials will not be shown in the guest receipt but will only be sent via SMS, this to ensure the phone number actually exists. I have replaced the default login button in the receipt with a new one which redirects the user to the login page where he will use his new credentials to login.

 

Now the customer is requesting if we can somehow skip this last part, ie the user manually inserting user and pass to login.

What he would like to have is as follows:

 

1. register page -> name + phone number (already up and running)

2. upon registration, just a notification that the credentials are being sent via sms and no info or login button whatsoever displayed (easy peasy)

3. IN THE SMS RECEIPT - credentials + a link that will allow the user to perform some sort of single sign on, or a link to a page with a login button that will, again, allow automatic login without requiring the guest to manually input his credentials

 

Can this be accomplished somehow?

Guru Elite

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

This wouldn't work because the login itself needs to happen on the device you're authenticating. So clicking a login link on a mobile device, wouldn't be able to log in your laptop.

Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

Mmh thank you, I hadn't thought of that..Since I know my customer is going to ask this next, let's say we accept this tradeoff and basically restrict access to tablets\smartphones with sms capabilities only for that particular SSID, would then the link thingy be technically doable?

New Contributor

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

If you place this in the SMS 

 

-----------------------------------------------

Username: {$u.username|escape}
Password: {$u.password|escape}
{if $u.expire_time > 0}Expires: {$u.expire_time|nwadateformat:"iso-8601t"|escape}{/if}

Ensure you are connected to the <insert your SSID> WiFi network then click this link:

https://<FQDN>/guest/guest_login.php?username={$u.username|rawurlencode}&password={$u.password|rawurlencode}"

----------------------------------------------

 

It will auto populate the username and password for you

 

Regards

 

Ryan

New Contributor

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

Thank you so much, it works!

New Contributor

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

Hi Timson

 

Thank you for your support.

When I use your code for the link in my SMS Receipt, then the user gets to the CP Guest Login Page.

( ClearPass Guest 6.6.0.32527 on CP-HW-500 platform )

 

Link in SMS:

IMG_4560[1].png

 

Login page which appears after click on link:

IMG_4559[1].png

May the German Login Page be the problem !?

 

Kind regards from Switzerland,

 

Konrad

New Contributor

Re: ClearPass + "Single Sign-On" Link in SMS Receipt

We found the solution with inputs from different supporters. Thanks.

 

The name of the correct login php script depends on the  name of the register page.

We named our register page 'guest-sms'. In our case the correct link is:

 

https://wifi.foo.ch/guest/guest-sms_login.php?_browser=1&username={$u.username}&password={$u.password}

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: