View Only
last person joined: 3 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - Sponsor token issue on expired users

This thread has been viewed 2 times
  • 1.  ClearPass - Sponsor token issue on expired users

    Posted Sep 26, 2022 03:31 PM
    Hey guys,

    I am seeing an issue with Guest Access with ClearPass Guest and Sponsor approval.

    In summary, our customer reduced the Guest expiration (Expire_After) to 8 hours. This works fine when the end use comes in for the first time, creates the account. It is disabled until the Sponsor clicks the link.

    The issue the next day, if the same user tries to recreate the account. The password if overwritten, as expected. The account is set to disabled and the sponsor receives the email. When the Sponsor clicks the link, he gets a "Invalid Registration Token", so the account is stuck as deactivated.

    If we delete the account and the end user recreates it, no issues. It is only when an expired account gets recreated. We are thinking of setting the system to delete the accounts every day or after they expire - either by changing the do_expire field or the cluster wide parameters.

    Anybody else face this issue? Any work around other than deleting the account?