Security

last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Chrome and Captive portal redirects to https://www.google.com

  • 1.  Chrome and Captive portal redirects to https://www.google.com

    Posted Jul 29, 2016 03:54 PM

    I've gotten some tickets from users who are attempting to access our captive portal SSID, and when the CP redirect occurs they are sent to https://www.google.com.  When this happens, they get a cert error and cannot proceed to the logon page unless they attempt to go to an http page instead.  It appears that Google Chrome has removed the ability to set a homepage manually in version 51.0.2704.81.  It seems in this new version the default page when opening a new tab is https://www.google.com or a blank page showing your most recent/viewed pages.

     

    I see there is an option under the Authentication -> L3 Authentication -> Captive Portal section called "Use HTTP for authentication".  

     

    I am wondering if enabling this feature would solve the above scenario. Short of telling users to use a different browser, that is.

     



  • 2.  RE: Chrome and Captive portal redirects to https://www.google.com

    Posted Jul 29, 2016 06:56 PM

    You could do that, but guest credentials will be sent in the clear.

     

    One thing you can try is to create a redirect page inside ClearPass that redirects to your self-reg/weblogin.

     

    Point the controller to that initial redirect page using HTTP.



  • 3.  RE: Chrome and Captive portal redirects to https://www.google.com

    Posted Jul 29, 2016 06:59 PM

    Well the guest credentials are simply their email address with no validation.  So I'm not sure if that is a huge security concern.  If enabling this feature would bypass the redirection to https://www.google.com than we may go ahead and do that.

     

    Thanks!

     



  • 4.  RE: Chrome and Captive portal redirects to https://www.google.com

    Posted Jul 30, 2016 07:16 AM

    You are not redirected to www.google.com; www.google.com is redirected to your captive portal and that is causing the warning.

     

    Check this blog post for the why and how; and some suggestions for a workaround.

     

    Herman