Has anyone had success in getting sponsor lookup working?
I'm trying to do what I would assume must be a pretty common configuration: to save the guest from needing to know their sponsor's e-mail address by allowing then to start typing the name of an employee in our organisation, and have the self-registration page auto-complete with a list of matching names from AD and then use the e-mail address for the "sponsor_email" field.
The functionality seems rather confused an not well documented.
Progress so far:
AUTHENTICATION SERVER (Guest->Adminstration->Operator logins->Server)
Server Type:MS Active Directory
User search Display Attributes:
mail = id displayName = text
Sponsor lookup atribute mapping:
sponsor_name | displayName sponsor_email | mail sponsor_lookup | mail
This seems to work and can lookup names in our AD and return e-mail addresses.
SELF-REGISTRATION PAGE (Guest->Configuration->Guest self-registration->Register page Form)
replaced "sponsor_email" field with "sponsor_lookup"
In advanced properties of this form:
Select2 Options: ajax.args.server = [name of authentication server above]
This also works. When I test the form itself from a PC on our LAN. It looks up the name, shows that display name and sends the request to the corresponding e-mail address.
HOWEVER, when testing wireless access using the access point and captive portal process itself, the page shows but lookup seems to hang without returning anthing. The ajax control just shows "Searching..." with the animated rotating icon forever.
I have the AP security set to use a pre-authentication role but for testing I've opened this to access to anything so I don't think the problem is AP security.
Oddly, if I type the full url of the self-registration page (https:[ClearpassIP]/guest/self_reg_page.php) into the browser of the wireless device, the lookup DOES return results. It's just when the page is redirected as part of the captive portal process that the lookup seems to hang.
Any suggestions, or general tips of getting sponsor lookup for self-registration working would be a HUGE help!
Are you seeing any certificate errors or other issues when loading the page?
From your description, it seems like you have the sponsor lookup function configured correctly and working as intended.
Check that your captive portal redirect URL includes the proper hostname for the CPPM server. Also check that the CPPM server certificate matches this hostname.
If you suspect an SSL issue, you can try turning off HTTPS and using regular HTTP – this should work without any issues.
Did you actually find a doc somewhere that explained this? I've searched the manual but could not find anything en the release notice that mention this have no detail whatsoever.
Earlier I did find about lookup of airgroup lookups which had a bunch more setting in the select2 options and select2 hook fields. http://community.arubanetworks.com/t5/Video/Video-ClearPass-Advanced-Configuration-Topics/ta-p/84424
Now regardless of using your 'basic' config or the added select2 stuff.. it simply won't look anything up.
I'm guessing the authentication server is configured properly since I can perform a search and find everything I want. When I do a lookup however I always receive an error.
In 6.2, we made this easier with a new field you can use in the sponsored registration called "sponsor_lookup". Use that vs. spnsor_name in the registration form.
This is reliant on an LDAP lookup into AD or directory.
Thanks, but the ldap server is active.
When I do a 'test lookup' there and select 'search' I get results. When I select 'lookup' however I always get the same 'error':
'error' => 1,
'error' => 1,
'message' => 'Lookup failed',
Have opened a TAC case to get to the bottom of it.
koenv, if it helps, I don't think this lookup test is necessary for the sponsor lookup to work.
My sponsor lookup is working, but I am getting the same error as you when I try a test lookup in the LDAP server set up:
Test: Perform a lookup test
Search mode: Perform a lookup ----> FAILS
Search mode: Perform a search----> SUCCESS
Here's the screen shots of the problem I'm getting with sponsor lookup.
My best guess is that it's caused by a problem with the way the ajax control is written that causes the lookup to fail if the page was loaded due to a captive portal redirection.
1. WITH CAPTIVE PORTAL REDIRECTION
A wireless client connects to the SSID, tries to browse to a web page and is redirected to self-regitration.
(note the address bar shows the intended URL)
Lookup just hangs and the browser (in this case IE8 but I've tested with IE9, Chrome and firefox) shows a page error.
The error, bottom left, is:
Line 876 in the page's source is:
x.open(request_type, uri, true);
2. WITHOUT CAPTIVE PORTAL REDIRECTION
Same wireless client.
Having hit this error, if I manually type the true URL of the self-registration page:
(note the address bar now shows the true self-reg URL)
It works. No page error!
Any suggestions for what I can change myself to get captive portal sponsor lookup working?
The only workaround I can find for this issue is for captive portal redirection to point to the login page, rather than the self-registration page, first.
Then the guest must click a link to get to the self-registration page (that contains this ajax sponsor lookup control).
In doing this, the URL in the address bar matches the true page address and lookup works.
What is the captive portal you are using? Are you using Aruba Instant?
Yes, Aruba Instant.
just a quick FYI, managed to get my field working by going back to the default skin. Apparantly the custom skin screwed up showing the dynamic part of the lookup field. Now running into the same issue as http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Clearpass-Guest-log-in-error-after-sponsor-lookup/td-p/91926
Thanks koenv. Yes, that second problem is me too.
Good to know I'm not the only one struggling to get sponsor lookup working.
Hopefully a patch or update will remedy the problem soon.
"The Sponsor Name lookup works in the Guest Registration page but when we try to click on login we were getting an error, “-:NwaLdapSponsorUserSearchAjax not callable" . We have opened a bug # 17021 and as per the bug tracker, the issue will be resolved with the next patch but ETA is currently not available. I shall get back to you whenever I have the Release date."
"The patch that contains the fix for this case is due to be released on Sept 11, 2013. "
Confirmed. After applying the patch. This problem is solved.
Thanks for your replies.
I have the sponsor_lookup field working, the steps I took to get there are described in my first post.
First question: Is there no documentation for the use of this new field - and sponsor lookups in general? It took a lot of trial and error to get there which could have been avoided with some decent tech notes.
Sounds like this would help koenv too.
Second question: going back to my original problem, I have the sponsor lookup working perfectly when I test it from a LAN connected computer by going to the URL https:[ClearpassIP]/guest/self_reg_page.php
However, when I test it on an actual wireless client, the browser is correctly redirected to the captive portal page, everything looks fine, BUT....
the sponsor lookup just hangs on search, without finding anything.
At this point, the address showing in the browser's address bar, is the user's intended page, e.g. www.google.com
the really strange thing is that if I change this to https:[ClearpassIP]/guest/self_reg_page.php, the captive portal page reloads with no apparent difference BUT...
the sponsor lookup now works!
So why isn't it working on captive portal redirection?
I think I have eliminated the possibility this could be due to a restriction on the controller. We are using Instant APs. The Virtual controller is set as follows (weakened security for testing):
Splash: External RADIUS Authentication
Auth server: clearpass
Re-auth internal: 0 hrs
Acc int. 10 mins
WPA-2 8-63 chars
External splash: [clearpassIP]
capt portal failure: deny internat
automatic whitelisting: disabled
So is there something I can change in Clearpass manager (maybe Configuration->Services->Guest Access - Web Login Pre-Auth??)
or something in Clearpass Guest that I can change to get this working?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.