Security

Reply
Aruba
Posts: 1,287
Registered: ‎08-29-2007

ClearPass - validate a guest's email address is real before giving access

When a user self registers, they can put in any old address, provided it contains an @ and dot.

 

Is there a way to make ClearPass check that the email address entered is actually valid before giving access?  And if it is not valid, redirect them back to the self-provision page.

 

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: ClearPass - validate a guest's email address is real before giving access

You can customize the form to validate the email entry looking for certain values.  I would say that your best option is to have the password emailed to them (or SMS texted).  Don't give them a receipt page.  Give them a page with a link to the login page instead.

 

A third option is to use sponsored based registration

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: ClearPass - validate a guest's email address is real before giving access

[ Edited ]

ok, that's a reasonable option.

 

Can clearpass be set to do a quick DNS lookup on the user's email domain, to see if it is valid?

 

What about allowing the user access say 5 mins, so they can log onto their email and retrieve the password.  After the 5 mins is up, they are redirected again to the login page.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 8,444
Registered: ‎09-08-2010

Re: ClearPass - validate a guest's email address is real before giving access

[ Edited ]

In your enforcement policy, you can return an temporary role with access to mail and also add a Post_Authentication action with a session timeout to disconnect the user:

 

cp-session-timeout.PNG

 

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: ClearPass - validate a guest's email address is real before giving access

Sorry, but I'm fairly novice at Clearpass, apart from basic setups.

 

What do I need to set in the Policy? Does the above mean that the user has to log back in every 5 mins?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 370
Registered: ‎01-14-2010

Re: ClearPass - validate a guest's email address is real before giving access

Michael,

 

Did you get this figured out? I'm working on the same thing right now?

 

Thanks!

 

-Mike

Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: ClearPass - validate a guest's email address is real before giving access

Hi boston1630,

 

Yes we did manage to get this working in the end.  It was proven with Aruba APs.  The solution is rather convoluted though works nicely.  Give me some time to go over it again and post back with the solution.

 

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 370
Registered: ‎01-14-2010

Re: ClearPass - validate a guest's email address is real before giving access

Hi Michael,

 

Convoluted with Clearpass?!? Get out of here! 

 

I would definitely appreciate it - thanks!

 

-Mike

Contributor I
Posts: 22
Registered: ‎04-02-2013

Re: ClearPass - validate a guest's email address is real before giving access

I'm tired of seeing a@a.com or 1@123.c, I wish there was a way so that the user had to validate that they are who they say they are.

Guru Elite
Posts: 8,444
Registered: ‎09-08-2010

Re: ClearPass - validate a guest's email address is real before giving access

Why not just hide the password from the receipt page and replace it with
text that says "the password has been e-mailed to you". Then give them a
link to the login page. This way they have to use a real email address (or
cell # for SMS)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: