View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Guest Captive Portal with SAML

This thread has been viewed 18 times
  • 1.  ClearPass Guest Captive Portal with SAML

    Posted Nov 10, 2022 02:21 PM
    I am working on setting up a guest captive portal in ClearPass.  The customer would like to enable SSO login with SAML to allow users with an Azure AD account to connect their personal devices for internet access.  

    We are currently running 6.10.2.  On the self-registration page it looks like there are a couple different options for this type of login and I am trying to determine which one I need to configure for the SAML authentication?  

    Under the vendor settings  on the login page there is an option for Single Sign On - SAML Identity provider.  Under the login form - pre-auth check there is an option for App Authentication and under the Cloud Identity there is an option to enable logins with cloud identity.  

    In previous versions (prior to 6.10) we would enable the SSO login under the pre-auth check.  That is no longer an option in that section and I am trying to determine which option I need to set now to get this to work correctly?  

    Any assistance would be appreciated.

  • 2.  RE: ClearPass Guest Captive Portal with SAML

    Posted Nov 11, 2022 08:51 AM
    Unsure what you try to do. If users should use their Azure AD to sign in to the guest network, create a Weblogin, which has the SAML option for pre-auth.
    Self-registration is for end users to generate a guest account and have it (optionally) sponsored or verified by mail/SMS.

    What also may work is enable SAML for the Guest Operator Profile, and let your users create/sponsor an account by logging in to /guest/ with SAML SSO.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.