Thanks for the clarification...
I had been told by Aruba TAC that they would be working on a way to make HSTS sites work with CP, but perhaps the person I was dealing with disnt fully understand the complexitiies of the issue, and as you say, it cant be managed by Aruba so other machanisms must be implemented. I had been advised to add them to whitelist them as a workaround. TAC had been looking into this issue for us for several weeks and I had had many remote sessions, and it was only when I referred back to a post on these forms about HSTS, di they then confirm this problem. Could have save several weeks of to-ing and fro-ing if this had been mentioned first!
"What needs to happen here is that you need to let the devices behave the way they should, therefore with Apple, the CNA will appear, with Android there will be a popup that appears in the drawer at the top, for Windows laptops, you will see a bubble appear in the lower right hand corner. With Chrome, if you navigate to an https enabled website and it detects a captive portal, a new tab is opened which redirects the user to something like gstatic.com which uses port 80 to trigger the captive portal."
Yes, any of these would be great, but nne of this happens for us, so I need to look into why. Makes sense now why Windows devices were working!
Time for more testing!
With a home page set to www.google.com (HSTS)
On iOS, when joining Guest network CNA doesnt appear, safari just moans about no conneciton to secure server, and chrome does the same and comlains about connection not being private, in either case you cant carry on.
Android does the same as iOS with no option to accept error and continue.
Whilst the windows devices work, depening on course on what OS/IE you have, the majoriity of users will be using iOS or Android... so at the moment, this is a big stumbling block for us.
Whilst this does only affect devices that try to connect to a hsts website upon connecting to the portal, which, unless your homepage is set to google.com or other hsts site, could be a small amount of users, it could be difficult to publicise information on what to do. We were simply hoping that people would either discover the Guest network, or staff could tall them if asked, without too much assistance.
Cheers