The configuration that you shared looks correct, so there probably is something wrong in configuration that you have not shared. There is configuration on ClearPass, the AP, the client that all needs to be aligned and in sync.
I would run a trace in the browser (developer tools) and see/follow the process through the flow to see where it moves away from the expected path and what redirects you back to the ClearPass home page. From there find what is causing the deviation, and that probably is your solution. Your Aruba Partner or Aruba support may be able to assist in there. It's hard to know what is wrong without seeing the process and having full access.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 17, 2024 08:18 AM
From: Spectris Asia
Subject: IAP witch ClearPass configuration Microsoft SSO login error
Hi Herman,
I use ClearPass Guest to provide the authentication page and ClearPass Policy Manager Social Media Authentication to provide the authentication service.
Original Message:
Sent: Jul 11, 2024 11:06 AM
From: Herman Robers
Subject: IAP witch ClearPass configuration Microsoft SSO login error
What ClearPass Appliciation are you trying to authenticate? Guest? Guest Operator? Policy Manager?
Without knowing what you try to do and how/what you configured, it's hard to guide further.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 10, 2024 11:58 PM
From: Spectris Asia
Subject: IAP witch ClearPass configuration Microsoft SSO login error
Hi Herman,
Thanks, now I can authenticate via Entra ID, but after successful authentication, I am returned to the ClearPass management window and cannot access the network any further. What other configurations need to be checked?
Original Message:
Sent: Jul 08, 2024 10:15 AM
From: Herman Robers
Subject: IAP witch ClearPass configuration Microsoft SSO login error
It looks like the Microsoft login page is redirected as part of your captive portal. You should exclude the Entra ID authentication services from redirection. Check here for which domains to exclude.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 08, 2024 06:15 AM
From: Spectris Asia
Subject: IAP witch ClearPass configuration Microsoft SSO login error
IAP 315 and ClearPass Policy Manager 6.12.0.300732
MicrosoftEntraID Cloud Identity - Social Media Authentication policy
Can anyone share their experience with IAP and Microsoft Entra ID verification? When I configure IAP, the Microsoft login page pops up and it says that the certificate does not match and I cannot continue. The AP I manage with MM does not have this verification problem.