Regular Contributor I

Process of Captive Portal Authentication with ClearPass Guest

Hello guys,

 

I can't completely understand how captive portal authentication with ClearPass Guest works. Could anyone explain in more detail steps 3 to 5 of the below picture?

original.png

 

I have read that at some point in the process the client sends the credentials directly to ClearPass (skipping the NAD), ClearPass replies directly to the client (skipping the NAD again), and then the client sends the credentials to the NAD and the NAD sends them to ClearPass. I have also read something about ClearPass POSTing the user credentials to the NAD device? All this sounds very weird to me. Is there any documentation of the entire process? I have only found the following article:

 

http://community.arubanetworks.com/t5/07-19-13-Expert-Day/How-does-captive-portal-authentication-really-work-with/td-p/87208

 

But this is not explained in detail. I have also found this:

 

http://www.arubanetworks.com/vrd/GuestAccessAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm

 

Which is very well explained, but it doesn't include the part of ClearPass.

 

Regards,

Julián

Guru Elite

Re: Process of Captive Portal Authentication with ClearPass Guest

 

3 and 4 are the local internal ClearPass credential check to the local user database.

5 is where the client browser submits the credentials to the controller. The controller initiates a RADIUS request to ClearPass.

6 - If authentication is successful, ClearPass responds with an access accept.

What errors are you seeing? What isn't working?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: Process of Captive Portal Authentication with ClearPass Guest

Then let me know if this is correct:

 

3 - When the client is entering the credentials in the Web Login page and clicks on "Login", are the credentials sent directly to ClearPass (with no intervention of the NAD device)?

4 - ClearPass checks the credentials in its database and responds directly to the client (again with no intervention of the NAD device) saying "Logging in..." or "Invalid username or password".

5 - Client sends credentials to NAD and NAD sends them in a RADIUS request to ClearPass.

 

Regards,

Julián

Guru Elite

Re: Process of Captive Portal Authentication with ClearPass Guest

Yes


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: Process of Captive Portal Authentication with ClearPass Guest

OK, perfect. Then there is no step where ClearPass sends the user credentials back to the NAD device, right?

 

Regards,

Julián

Guru Elite

Re: Process of Captive Portal Authentication with ClearPass Guest

No. They're submitted through the browser to the controller.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: Process of Captive Portal Authentication with ClearPass Guest

OK, many thanks for the clarifications. Now I understand this process better.

 

Regards,

Julián
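
Added example, not part of any post above and not ClearPass or controller code: a toy Python model of steps 3 to 6 as confirmed in this thread, recording which hops carry the guest's credentials. All class and function names and the sample account are constructed, and stopping the flow after a failed step 4 is an assumption of the model.

```python
# Toy model of steps 3-6 from the thread. Every name here is hypothetical;
# no real ClearPass or controller API is called.

USERS = {"guest1": "s3cret"}  # constructed sample guest account


class ClearPass:
    def __init__(self, users):
        self.users = users

    def web_login(self, trace, user, password):
        # Steps 3-4: the browser posts straight to ClearPass, which checks
        # its local user database and answers the browser directly.
        trace.append(("browser", "clearpass", "web login", True))
        ok = self.users.get(user) == password
        reply = "Logging in..." if ok else "Invalid username or password"
        trace.append(("clearpass", "browser", reply, False))
        return ok

    def radius(self, trace, user, password):
        # Step 6: answer the NAD's RADIUS request; no credentials go back.
        ok = self.users.get(user) == password
        verdict = "Access-Accept" if ok else "Access-Reject"
        trace.append(("clearpass", "nad", verdict, False))
        return ok


class NAD:
    def __init__(self, clearpass):
        self.clearpass = clearpass

    def captive_portal_login(self, trace, user, password):
        # Step 5: the browser submits the credentials to the controller,
        # which initiates a RADIUS request to ClearPass.
        trace.append(("browser", "nad", "credential submit", True))
        trace.append(("nad", "clearpass", "RADIUS Access-Request", True))
        return self.clearpass.radius(trace, user, password)


def guest_login(user, password, users=USERS):
    """Return (authenticated, trace) with trace items (src, dst, message, carries_credentials)."""
    trace = []
    cp = ClearPass(users)
    if not cp.web_login(trace, user, password):
        return False, trace  # assumed: a failed step 4 never reaches the NAD
    return NAD(cp).captive_portal_login(trace, user, password), trace


def credential_hops(trace):
    # Hops on which the guest's credentials are actually transmitted.
    return [(src, dst) for src, dst, _, creds in trace if creds]
```
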
