Wireless Access

 View Only
  • 1.  ClearPass Guest - Self Registration

    Posted Dec 21, 2022 08:18 AM
    We're currently adding email self registrations for guests as an authentication option. It is working to a certain extent, in that users are able to register their email address (using guest_register form) and are given a 10 minute window of access before they have verified their account via an email notification. Once that is confirmed the user has full access. 

    However, this process is currently quite manual. After the user has entered their email, they have to select a 'log in' button (found on the guest_register_receipt form) before they are given the 10 minute grace period before they are disconnected (if they do not verify their email address using the notification). This works and clients are able to get access to the network.

    We have a mechanism in place to skip the receipt page and 'log in' automatically - this is to make the process smoother from a UX perspective. This is not currently working and users are receiving an 'access denied' error message upon entering their email address. The following errors appear in the access tracker for the matched service: 

    RADIUS

    [Guest User Repository] - localhost: User not found.
    PAP: SSO Token verification failed


    Happy to share more information regarding the configuration of self reg if required/ or if more context is needed.


  • 2.  RE: ClearPass Guest - Self Registration

    Posted Dec 22, 2022 11:20 AM
    You may need to include a certain delay between the receipt page and the login. Especially if you work on a subscriber, the account is created on the publisher, then synced to the subscriber and only after a few seconds it's available. Without the full access trackers it's hard to find a resolution, but if you see in the Access Tracker the correct username, but the User not Found for the Guest User Repository Does it work if you try the same credentials half a minute later?

    In the self registration flow, there should be a Login Delay setting, which is 0 seconds by default and you can try to set that to 5 or 10 seconds.

    If that doesn't help, it may be best to work with your partner or Aruba Support as you would need to see each step in Access Tracker and depending on what can be seen there go deeper or test other things. This video shows the basic steps of Guest Access, in case that helps.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: ClearPass Guest - Self Registration

    Posted Dec 22, 2022 11:46 AM
    Thank you, Herman. 

    Increasing the login delay from 1sec to 10secs seems to have resolved the issue on all of my testing devices.


  • 4.  RE: ClearPass Guest - Self Registration

    Posted Jan 03, 2023 07:37 AM
      |   view attached
    Hi Herman, 

    I was wondering if you could help with something else related to self-reg. 

    After the account has been confirmed and the user is given full internet access they are then re-directed to the following page (image attached) - which shows the confirmed registration. This page is a little bit unnecessary/ confusing for the user as it doesn't actually reference a successful connection. It also just opens a web page which you then have to manually close. Is there a way of removing this page from the login flow - I also cannot find where to edit the text in the page (guest_register_confirm). 

    Any help would be appreciated. 

    Thanks, Adam




  • 5.  RE: ClearPass Guest - Self Registration

    Posted Jan 03, 2023 08:02 AM
    I've since figured out why the page guest_register_confirm would appear. 

    It is referenced as a redirect in our HTML config for the 'confirm' button within our email receipt template. This has now been changed to display a page 'you're now successfully connected' as I think this is a little more user friendly.


  • 6.  RE: ClearPass Guest - Self Registration

    Posted Sep 12, 2023 04:01 PM

    Hello

    I am trying to do the same, can you be more specific how and where you replaced the guest_register_confirm page?

    I can't figure it out.

    Much appreciated.