Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Social Login with Cisco WLC

  • 1.  Clearpass Social Login with Cisco WLC

    Posted Jan 09, 2017 03:12 PM

    I have configured ClearPass to work with a Cisco vWLC (running latest code) to work with 802.1X and guest accounts. But I am having an issue with the social login part of this. Here is a breakdown:

     

    User connects to the SSID

     

    User selects social login to auth against (Google, Facebook, etc.)

     

    Once the user is approved via the social network they are redirected to the Cisco internal login page (1.1.1.1) when they should be sent out to the internet. 

     

    Once the user either selects "submit" or back they are then routed to the internet correctly.

     

     

    Has anyone seen this before? 

     

    I have completely shut down the Cisco internal page but users are still sent there. I am trying to juggle both Aruba and Cisco TAC but thought this might be the best forum to place this question. 



  • 2.  RE: Clearpass Social Login with Cisco WLC

    Posted Jan 10, 2017 04:55 AM

    Hi,

     

    Do you have a destination configured for your social logins?

     

    2017-01-10 09_51_24-ClearPass_Guest_6.5_User_Guide.pdf - Foxit Reader.jpg

     

    Or set here?

     

    2017-01-10 09_52_20-ClearPass_Guest_6.5_User_Guide.pdf - Foxit Reader.jpg

     



  • 3.  RE: Clearpass Social Login with Cisco WLC

    Posted Jan 10, 2017 11:22 AM

    James,

    Thanks a ton for the reply, yes I have both of those configured. 

     

    When the users are connected to the guest network the Aruba CPG page shows up fine, when they select a social media site to login via they are directed to that site (Twitter, FB, Google) but once their creds are accepted they should be sent to the company homepage that is configured in the Destination page that you pointed out, but instead they are directed to the Cisco's internal web auth page (1.1.1.1 virtual interface of the Cisco WLC), from there if the users click back they are then directed to the company homepage and I see them in Access Tracker and everything works.

     

    I should also point out this is only occurring with Social Logins; if a guest is given creds from CPG everything works perfectly.

     

    After working with Cisco and Aruba TAC we found that for some reason either the WLC or CP is not sending a request initially but once "back" is pressed from the 1.1.1.1 the request is then sent and accepted.

     

     

    Maybe this could be a timeout??? I just thought of that while typing this out

     

    Thoughts? 



  • 4.  RE: Clearpass Social Login with Cisco WLC

    Posted Jan 12, 2017 03:44 PM

    @rditzler Was TAC able to get you going?



  • 5.  RE: Clearpass Social Login with Cisco WLC

    Posted Jan 12, 2017 03:50 PM

    No, Cisco TAC has us pulling Wireshark traces from the Controller and Aruba has been very firm that this is a Cisco issue.



  • 6.  RE: Clearpass Social Login with Cisco WLC
    Best Answer

    Posted Jan 17, 2017 11:42 AM

    Got it figured out, the customer needed to purchase a cert in order to use HTTPS.

     

    Thanks,

    Reid