Security

 View Only
  • 1.  Custom login form (not a duplicate post)

    Posted Dec 06, 2024 05:37 AM
    Dear Experts, 
     
    Can someone provide a proper understanding of how login page works in ClearPass guest? what exactly happens when user submits the form? 
     
    What i have seen and observed (using chrome and burp) that first submission is to the page itself with below command
     
    no_login=&user=111&password=111 and then IF the username and Password is CORRECT, then it post the same form to controller. So if user enters incorrect username/password or nonexistent username, then i can see the error on the form itself (it is not posted to controller). If i am writing a custom login form, how can i achieve this functionality to make sure that it first checks with clearpass and if username/password is correct then only send to controller.
     
    Currently i tried to post to the page itself and tried to catch the error but its not working as expected. 
     
    Can anyone walkthrough me how this should be done?


    ------------------------------
    iqbal
    ------------------------------


  • 2.  RE: Custom login form (not a duplicate post)

    Posted Dec 06, 2024 10:41 AM

    Validation of username and password prior to submitting to the controller is dependent on the Pre-Auth Check configuration.  Some options, like App Authentication, can return messages for display on the login form.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Custom login form (not a duplicate post)

    Posted Dec 06, 2024 12:02 PM
    So first we have to post the form simply to the page itself or is there any other logic also working in the background? 


    Best Regards
    Owais Iqbal
    CCIE#37956 | ACDX 
    Technical Consultant - Aruba Networks
    Mob/Whatsapp: +92-321-2960496