Security

last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Android & Clearpass Guest - Unable to post credentials

Jump to Best Answer
This thread has been viewed 0 times
  • 1.  Android & Clearpass Guest - Unable to post credentials

    Posted Jul 29, 2013 09:30 PM

    HI,

     

    I'm trying to integrate Clearpass Guest with a HP MSM 760 controller.

     

    I've got it working in that i can connect a guest user to the wireless with credentials posted to the Clearpass server. This works fine for iOS and Windows devices however i've tried a couple of android devices and these dont' seem to be able to POST the credentials back to the HP controller.

     

    Just wondering if anybody has experienced this or if there are any known issues with Android and HTTP redirects?

    Scott

     



  • 2.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 29, 2013 09:32 PM

    Further to that the authentication flow is like this:

     

     

    HP AP (Open SSID with HTML Authentication) > MSM Controller > Redirect to CPPM Web Page > Credentials POSTed to CPPM  and verified against radius (OK) > Redirect to MSM controller interface and POST of these credentials to controller > MSM controller RADIUS to CPPM.

     



  • 3.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 29, 2013 09:39 PM
    I'm not sure if it will help but There is an old amigopod - colubris guide on the support site did you look at it just in case it has any trouble shooting tips.


  • 4.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 29, 2013 09:40 PM

    thanks, yeah i used that as a reference, its actually very outdated and the instructions in that guide don't work (you have to use the controller certificate URL to reference the authentication and not the IP address otherwise it won't accept the HTML POST).

     

    The implementation seems find it's just one type of client won't work.

     

    scott



  • 5.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 30, 2013 02:12 AM

    Can you be a bit more specific about "don't seem to be able to POST the credentials back to the HP controller".

     

    What Android devices, and what browsers are you testing on?

     

    What happens?  Are you on the login message page, or somewhere else?  Do you have a packet capture that shows what's going on?

     



  • 6.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 30, 2013 12:53 PM

    Does the Android device have cookies enabled in the browser?

    I've had issues in the past with Guest access (Amigopod) if the device didn't have cookies enabled

     



  • 7.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 31, 2013 08:50 AM

    I can't speak for HP, however, I'm using a mixed Cisco and Aruba environment and we are not seeing these issues with Android Specifically.  I am seeing other issues with some Browsers on Android, but I don't have the issues you are describing.  I am running CP 6.2.



  • 8.  RE: Android & Clearpass Guest - Unable to post credentials
    Best Answer

    Posted Aug 07, 2013 06:40 PM

    hi all, thanks for the replys.

     

    i returned to the client site yesterday to troubleshoot this further.

     

    Upon arriving i setup my tablet to connect and started running packet captures, only to find it was working fine......

     

    Couldnt' fault it and as far as i know nothing has changed.

     

    Guess i'll just put this down to HP controlller having a bad day (as they so often do).

     

    Thankyou all for your helpful replies.

     



  • 9.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 11, 2016 06:49 PM

    Hey Scott (or anyone else),

    Is there an integration guide for HP MSM controllers and ClearPass for Guest Portals?



  • 10.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 11, 2016 06:53 PM


  • 11.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 11, 2016 07:26 PM

    Thanks!

    I dug all through there before I posted here. Your link took me directly to it, but I couldn't find it when I searched. Is there a secret I'm missing, or am I having a blonde moment?

    -jj



  • 12.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Jul 11, 2016 07:27 PM
    Documentation > ClearPass > TechNotes


  • 13.  RE: Android & Clearpass Guest - Unable to post credentials



  • 14.  RE: Android & Clearpass Guest - Unable to post credentials

    Posted Aug 07, 2013 06:43 PM

    to respond to dave, the issue was that all the captive portal stuff was working fine. Packet captures from the controller interface showed that the Android device was posting to clearpass and then as per the correct flow, the client was then instructed to post the credentials to the HP controller. Packet captures showed the TCP SYN going to the controller but no replys.....

     

    i'm suspecting the new HP MSM software is buggy as i've seen some weird behaviour with inconsitent authentication from AP's in the same AP group.

     

    For example, i use called station id in me clearpass services to filter the SSID from each network coming in. I had a case where 1 access point on the floor would not send the mac:ssid string, but rather only the  mac address. This is not right and rebooting the AP resolved it....

     

    Scott