Security

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Original Message:
Sent: Oct 16, 2024 02:58 PM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

Original Message:
Sent: Oct 15, 2024 02:53 AM
From: jonas.hammarback
Subject: Captive portal is not working in Apple iphones.

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Oct 15, 2024 01:48 AM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

You have an IP address in the Address field (4th field in the screenshot). That should be the FQDN which is installed on the IAP/AP/Controller, and that certificate should be publicly trusted. Please read the explanation in blue that indicates to put an FQDN here; and device at the end of the sentence refers to the AP/IAP/Controller.

Many browsers will refuse to send login credentials to a location that is insecure, like an IP address or non-trusted location, resulting in such a 'loop' condition.

It may even be that phones with cellular connection try to use the cellular instead of the WLAN, which doesn't work; but you could test that by putting the phone in flight-mode, then try to connect. In either case, having certificates in place is critical to make this work.

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

You have an IP address in the Address field (4th field in the screenshot). That should be the FQDN for the certificate which is installed on the IAP/AP/Controller, and that certificate should be publicly trusted. Please read the explanation in blue that indicates to put an FQDN here; and device at the end of the sentence refers to the AP/IAP/Controller.

Many browsers will refuse to send login credentials to a location that is insecure, like an IP address or non-trusted location, resulting in such a 'loop' condition.

It may even be that phones with cellular connection try to use the cellular instead of the WLAN, which doesn't work; but you could test that by putting the phone in flight-mode, then try to connect. In either case, having certificates in place is critical to make this work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Oct 17, 2024 01:54 AM
From: d-nat
Subject: Captive portal is not working in Apple iphones.

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Original Message:
Sent: Oct 16, 2024 02:58 PM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

Original Message:
Sent: Oct 15, 2024 02:53 AM
From: jonas.hammarback
Subject: Captive portal is not working in Apple iphones.

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Oct 15, 2024 01:48 AM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi @Herman Robers , I have question here , For instance, on the self-registration page, we've specified guest.example.com in ClearPass. We need to install a captive portal certificate with CN = guest.example.com, which should be a publicly signed certificate. 

You have an IP address in the Address field (4th field in the screenshot). That should be the FQDN for the certificate which is installed on the IAP/AP/Controller, and that certificate should be publicly trusted. Please read the explanation in blue that indicates to put an FQDN here; and device at the end of the sentence refers to the AP/IAP/Controller.

Many browsers will refuse to send login credentials to a location that is insecure, like an IP address or non-trusted location, resulting in such a 'loop' condition.

It may even be that phones with cellular connection try to use the cellular instead of the WLAN, which doesn't work; but you could test that by putting the phone in flight-mode, then try to connect. In either case, having certificates in place is critical to make this work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Oct 17, 2024 01:54 AM
From: d-nat
Subject: Captive portal is not working in Apple iphones.

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Original Message:
Sent: Oct 16, 2024 02:58 PM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

Original Message:
Sent: Oct 15, 2024 02:53 AM
From: jonas.hammarback
Subject: Captive portal is not working in Apple iphones.

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Oct 15, 2024 01:48 AM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi @Herman Robers , I have question here , For instance, on the self-registration page, we've specified guest.example.com in ClearPass. We need to install a captive portal certificate with CN = guest.example.com, which should be a publicly signed certificate. 

You have an IP address in the Address field (4th field in the screenshot). That should be the FQDN for the certificate which is installed on the IAP/AP/Controller, and that certificate should be publicly trusted. Please read the explanation in blue that indicates to put an FQDN here; and device at the end of the sentence refers to the AP/IAP/Controller.

Many browsers will refuse to send login credentials to a location that is insecure, like an IP address or non-trusted location, resulting in such a 'loop' condition.

It may even be that phones with cellular connection try to use the cellular instead of the WLAN, which doesn't work; but you could test that by putting the phone in flight-mode, then try to connect. In either case, having certificates in place is critical to make this work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Oct 17, 2024 01:54 AM
From: d-nat
Subject: Captive portal is not working in Apple iphones.

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Original Message:
Sent: Oct 16, 2024 02:58 PM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

Original Message:
Sent: Oct 15, 2024 02:53 AM
From: jonas.hammarback
Subject: Captive portal is not working in Apple iphones.

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Oct 15, 2024 01:48 AM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?

Hi @Herman Robers , I have question here , For instance, on the self-registration page, we've specified guest.example.com in ClearPass. We need to install a captive portal certificate with CN = guest.example.com, which should be a publicly signed certificate. 

You have an IP address in the Address field (4th field in the screenshot). That should be the FQDN for the certificate which is installed on the IAP/AP/Controller, and that certificate should be publicly trusted. Please read the explanation in blue that indicates to put an FQDN here; and device at the end of the sentence refers to the AP/IAP/Controller.

Many browsers will refuse to send login credentials to a location that is insecure, like an IP address or non-trusted location, resulting in such a 'loop' condition.

It may even be that phones with cellular connection try to use the cellular instead of the WLAN, which doesn't work; but you could test that by putting the phone in flight-mode, then try to connect. In either case, having certificates in place is critical to make this work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Oct 17, 2024 01:54 AM
From: d-nat
Subject: Captive portal is not working in Apple iphones.

I had a similiar situation, where iPhones and iPads stopped working. What worked for me: in the Guest module under NAS Vendor Settings: I changed the default value "Secure Login: Use vendor default" to "Secure Login: Secure login using HTTPS"

Original Message:
Sent: Oct 16, 2024 02:58 PM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

Original Message:
Sent: Oct 15, 2024 02:53 AM
From: jonas.hammarback
Subject: Captive portal is not working in Apple iphones.

Hi

Does the iPhone user get an Accept on the authentication request in Access Tracker. Can you share both a successful authentication from an Android and the result from an iPhone?

Also share the configuration of your Service with role mapping and enforcement policies.

If you check the Aruba role in IAP after the authentication of both Android and iPhone can you spot any difference?

Normally the user should be in a logon role before the authentication and another after successful authentication.

In the page you have this option:

Try to enable it to force the iPhone to open a normal web browser instead, and see if this have makes any improvements.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution

Original Message:
Sent: Oct 15, 2024 01:48 AM
From: Mithran
Subject: Captive portal is not working in Apple iphones.

We have an Aruba IAP cluster with a captive portal set up in ClearPass. On the self-registration page, users can log in using an access code, and this works as expected on Android devices. However, on iPhones, after entering the code, users are stuck in a loop and are repeatedly prompted to enter the code again. Has anyone encountered this issue?