When using an Aruba controller rather than Cisco, you would enforce the redirect in a different way. Rather than pass the URL back as you do with Cisco, you'd pass back an Aruba-User-Role VSA. This would place the user in a role on the controller. Then you'd configure the role with a Captive Portal profile which would contain the redirect. OR, if this is a dedicated SSID for onboarding you would just make the initial-role for the AAA profile one that has a captive portal profile assigned.
Here is an example:
aaa authentication captive-portal "onboard-cp-profile"
default-role "you define a post authentication role; but doesn't usually come into play for onboarding"
server-group "clearpass-server-group"
redirect-pause 1
protocol-http
auth-protocol MSCHAPv2
login-page "http://ipaddress-of-cppm/guest/device_provisioning.php"
user-role "onboard-redirect-role"
captive-portal "onboard-cp-profile"
access-list session logon-control
access-list session captiveportal
*make sure you allow http to your clearpass server in either logon-control or captiveporal access-lists (before the redirection entries or you'll end up in a loop)
*make sure your server group for Clearpass has server rules defined to see and assign the VSA Aruba-User-Role