After upgrading to 6.6.x or later from 6.5.x or earlier, SSO login to the guest network or login as guest operators using SSO stops working
The issue occurs because starting from Clearpass version 6.6.x onwards the SSO login is separated between Operator login to Guest/Onboard application and Network Web Login access for Guest/Onboard.
The option for enabling SSO as it appears on 6.5.x
Options as they appear for enabling SSO on 6.6.x
As you can clearly see we now have two separate options on 6.6.x one for Operator Logins and the other for Guest Web Login access.
Because we have to distinguish between the SSO login requests for Guest Login and Operator login the requests now come in with different Application:Name attribute.
The solution for this is to have a service that handles the SSO authentication requests that come in for both Guest and Guest Operators
The Application:Name in the incoming authentication request for Guest SSO requests
The Application:Name in the incoming authentication request for Operator login SSO
As we can see the attribute for Service Categorization between operator login sso requests and guest web login sso requests is different.
We need to make sure that we modify our services to handle both these requests if we have SSO enabled for both Operator login and Guest Web Login so that everything starts working.