Security

 View Only
  • 1.  Clearpass - Strip Username Rule Challenge

    Posted Apr 22, 2015 11:12 AM

    Airheads,

     

    I've ran into an issue when I strip the domain if the users enter their full e-mail address in the authentication form in a captive portal. I'm using the "user:@" strip rule which works fine for AD authentication source but the full e-mail username is needed for Clearpass guest auth source accounts. With this strip rule active users can't login with guest accounts. I don't have the luxury of disabling the rule since some AD users still use their full e-mail to authenticate at times.

     

    Anyone have any ideas of how to solve this challenge? I thought that I could possibly use @ouraddomain as separator for AD users but that does not appear to be allowed.

     

    Thanks,

    Peter

     



  • 2.  RE: Clearpass - Strip Username Rule Challenge
    Best Answer

    Posted Apr 22, 2015 11:16 AM

    I have run into this and solved it by using a separate employee web login page with two different services. You can key off the page name in the service rules.