Security

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Do you have your NAS settings set up correctly for the self-registration page? You can find this under advanced editor when you edit your self-registration. Is it set up like your guest login page?








------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A
------------------------------

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

thanks for those screenshots! Yes mine is configured in the same way apart from the IP address I'm using a custom fqdn entry in the IP address section.

------------------------------
Calabi A
------------------------------

Original Message:
Sent: Nov 30, 2021 04:15 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue






------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Sorry actually I've had another look at this and I can see that I have an IP address field but you have an address field in my Login section. Would this make a difference?

------------------------------
Calabi A
------------------------------

Original Message:
Sent: Nov 30, 2021 04:36 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

thanks for those screenshots! Yes mine is configured in the same way apart from the IP address I'm using a custom fqdn entry in the IP address section.

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:15 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue






------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Do you see an authentication (failures) in Access Tracker?

Have you deployed a ClearPass cluster, and is the captive portal authenticating to one of the subscribers? Please set a login-delay of 6 seconds in the NAS Login settings. There is a replication delay in the cluster (should be max 5 seconds), and when the guest account is created, it may take that long before the user is synced to the subscriber.

Edit: you should NOT have an IP in your Address. Use the FQDN that is on the trusted certificate installed for captive portal to your controller/APs. A client will not be able to trust the IP, and also connections to that IP may be redirected again, resulting on the loop you see.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 30, 2021 04:54 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Sorry actually I've had another look at this and I can see that I have an IP address field but you have an address field in my Login section. Would this make a difference?

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:36 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

thanks for those screenshots! Yes mine is configured in the same way apart from the IP address I'm using a custom fqdn entry in the IP address section.

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:15 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue






------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Hi all I just wanted to update on this. 

I worked out the issue, it was because I had disabled the password field in the registration because the organisation just wanted a sign up only and then login.

Once I enabled the field it works perfectly again and i just hid the password field instead.

It must use the password field somewhere in the autologin function after registration.

Hope this helps someone.

------------------------------
Calabi A
------------------------------

Original Message:
Sent: Dec 01, 2021 07:49 AM
From: Herman Robers
Subject: Clearpass Guest Registration redirect issue

Do you see an authentication (failures) in Access Tracker?

Have you deployed a ClearPass cluster, and is the captive portal authenticating to one of the subscribers? Please set a login-delay of 6 seconds in the NAS Login settings. There is a replication delay in the cluster (should be max 5 seconds), and when the guest account is created, it may take that long before the user is synced to the subscriber.

Edit: you should NOT have an IP in your Address. Use the FQDN that is on the trusted certificate installed for captive portal to your controller/APs. A client will not be able to trust the IP, and also connections to that IP may be redirected again, resulting on the loop you see.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 30, 2021 04:54 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Sorry actually I've had another look at this and I can see that I have an IP address field but you have an address field in my Login section. Would this make a difference?

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:36 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

thanks for those screenshots! Yes mine is configured in the same way apart from the IP address I'm using a custom fqdn entry in the IP address section.

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:15 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue






------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------

Ah, that is correct. You need to have the password field in your receipt in order to allow the NAS login button to work. You can make the password field hidden, so it is there but end-users will not see it and the user experience looks slick and clean. You may have found this option already.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 12, 2021 03:34 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hi all I just wanted to update on this. 

I worked out the issue, it was because I had disabled the password field in the registration because the organisation just wanted a sign up only and then login.

Once I enabled the field it works perfectly again and i just hid the password field instead.

It must use the password field somewhere in the autologin function after registration.

Hope this helps someone.

------------------------------
Calabi A

Original Message:
Sent: Dec 01, 2021 07:49 AM
From: Herman Robers
Subject: Clearpass Guest Registration redirect issue

Do you see an authentication (failures) in Access Tracker?

Have you deployed a ClearPass cluster, and is the captive portal authenticating to one of the subscribers? Please set a login-delay of 6 seconds in the NAS Login settings. There is a replication delay in the cluster (should be max 5 seconds), and when the guest account is created, it may take that long before the user is synced to the subscriber.

Edit: you should NOT have an IP in your Address. Use the FQDN that is on the trusted certificate installed for captive portal to your controller/APs. A client will not be able to trust the IP, and also connections to that IP may be redirected again, resulting on the loop you see.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 30, 2021 04:54 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Sorry actually I've had another look at this and I can see that I have an IP address field but you have an address field in my Login section. Would this make a difference?

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:36 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

thanks for those screenshots! Yes mine is configured in the same way apart from the IP address I'm using a custom fqdn entry in the IP address section.

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:15 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue






------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 04:10 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hey! Thanks for the quick response, is the NAS Vendor Settings under the self registration page? I have changed the IP address to the non-DNS resolvable entry in my controller clearpass certificate to handle the secure communication.

Is there different NAS settings between the login page and the registration page? I can't explain why it works for login but not for registration :(

Cheers,

C

------------------------------
Calabi A

Original Message:
Sent: Nov 30, 2021 04:02 PM
From: Dustin Burns
Subject: Clearpass Guest Registration redirect issue

Do you have your NAS settings set up correctly for the self-registration page?

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Nov 30, 2021 03:39 PM
From: Calabi A
Subject: Clearpass Guest Registration redirect issue

Hello!

I have a really strange issue I'm finding it difficult to get to the bottom of. I've setup a new Clearpass Guest Self Registration Portal, I've added the Captive Portal configuration with all the correct certificates onto my controller and if setup my WLAN to open the captive portal login page (guest/public-registration_login.php) everything works correctly. I can login with a pre-existing guest account and gain access to the network.

When I update the captive portal configuration to go straight to the registration URL (guest/public-registration.php) I get the page up ok and I can sign up for an account, on the receipt page if I click login it just redirects me straight page to the registration page again to sign up? I can't seem to figure out where in the process this is failing and the fact that I can get the login page to work ok has stumpted me! 

Hope someone can give me some pointers I'd be so grateful!

D

------------------------------
Calabi A
------------------------------