Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Webpage on Clearpass which redirect to 2 self-service portals

This thread has been viewed 16 times
  • 1.  Webpage on Clearpass which redirect to 2 self-service portals

    Posted Feb 29, 2024 08:24 AM

    Hello all,

    I am trying to configure a webpage with two buttons on Clearpass, which is presented when a client connects to the guest WiFi. Those two buttons lead to two different self-service portals (one for employees and one for visitors).


    The redirection works

    But when I click 'Register' on self-service portal after rediraction from two button page I get the error 'Please enter a valid MAC address'.

    I suspect the client MAC is not being passed after redirection to self-reg page.

    Basic HTML code for button and URL:

    <h3>If you're an employee, please click here:</h3>
    
    <form id="employeeForm" action="#"align="center"> <input type="button" value="Employee Registration" style="background-color: #FF7600; color: black; border: none; padding: 10px 20px; cursor: pointer; border-radius: 5px;" onclick="window.location.href= https://clearpassFQDN/guest/employee.php?';"> </form>

    Tried like this also:

    <h3>If you're an employee, please click here:</h3>
    
    <form id="employeeForm" action="#"align="center"> <input type="button" value="Employee Registration" style="background-color: #FF7600; color: black; border: none; padding: 10px 20px; cursor: pointer; border-radius: 5px;" onclick="window.location.href= https://clearpassFQDN/guest/employee.php? _browser=1?';"> </form>

    And like this:

    <h3>If you're an employee, please click here:</h3>
    
    <form id="employeeForm" action="#"align="center"> <input type="button" value="Employee Registration" style="background-color: #FF7600; color: black; border: none; padding: 10px 20px; cursor: pointer; border-radius: 5px;" onclick="window.location.href='employee.php?';"> </form>

    And I read in one of older discussion that I need to have "?" at the end of the URL to carry macaddress, apname, ssidname etc. but it does not work with or without it.

    Does anyone have an idea or solution on how to achieve what I want? Have anyone made something simmilar to work?

    Current setup is 2 SSIDs with two self-service portal (employee and visitors), now I want to remove one SSID and have just one with two different registration portal. (I need two portals because visitors needs sponsor approval from someone with company email address).


    Thank You



  • 2.  RE: Webpage on Clearpass which redirect to 2 self-service portals

    Posted Feb 29, 2024 10:41 AM

    A couple things to check:

    Is the mac_auth field enabled in your MAC Create form?

    Do you have the "MAC Detect" Plugin Enabled [Administration > Plugin Manager > MAC Authentication]

    Do you see the appropriate MAC address in the redirect URL when testing?



    ------------------------------
    If my post was useful, please Accept Solution and Give Kudos.
    ------------------------------
    Zak Chalupka
    Principal Engineer - HPE Aruba
    ACDX | ACMP | ACSP | ACCP
    wifizak@hpe.com
    ------------------------------
    Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
    ------------------------------



  • 3.  RE: Webpage on Clearpass which redirect to 2 self-service portals

    Posted Mar 01, 2024 04:49 AM

    Hello Zak,

    mac_auth field is enabled in MAC Create form.
    MAC detection was not enabled, but after I enabled it the problem still persists, so it' not  due to it I think.
    Client mac and rest of attributes are in the URL of "landing page"
    but after i click on button to redirect to self-service portal they get lost




  • 4.  RE: Webpage on Clearpass which redirect to 2 self-service portals

    Posted Mar 01, 2024 01:29 PM

    Ahh, I see. This is an interesting scenario.

    Looks like you have some HTML experience, yes?

    The Guest Web Server utilizes a smarty engine that initializes the values from the original URL. Those values could potentially be used to restructure the additional linked URLs. 

    It would be hard to explain the entire process via this form but you may begin playing with the below values:

    [formatted with some header values, just so you can place and see the data]

    <h1>
    {$extra_fields.apgroup|rawurlencode}
    </h1>
    <h1>
    {$extra_fields.mac}
    </h1>
    <h1>
    {$extra_fields.url}"?cmd=login&mac="{$extra_fields.mac}
    </h1>



    ------------------------------
    If my post was useful, please Accept Solution and Give Kudos.
    ------------------------------
    Zak Chalupka
    Principal Engineer - HPE Aruba
    ACDX | ACMP | ACSP | ACCP
    wifizak@hpe.com
    ------------------------------
    Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
    ------------------------------



  • 5.  RE: Webpage on Clearpass which redirect to 2 self-service portals

    Posted Mar 07, 2024 10:43 AM

    Thank you for your suggestions Zak. Yeah i understand little bit of HTML/JS/CSS back from college.
    I finally managed to resolved the issue by placing small part of javascript code inside {literal} block.

    Your mention of smarty engine made me read smarty engine syntacs on clearpass docs which I didn't know is in background.

    JS scirpt is pretty simple:

    getting current URL
    var currentUrl = window.location.href;
    
     xtracting query string from the current URL (all "key value pairs" everything after "?" )
     var queryString = currentUrl.split('?')[1];
    
    constructing new redirect url by adding that extracted querry string to it
    ClearpassFQDN/guest/myportal.php?' + queryString;

     And thats it. 




  • 6.  RE: Webpage on Clearpass which redirect to 2 self-service portals

    Posted Mar 07, 2024 11:36 AM

    That's great! Glad you were able to get that written to reconstruct and pass on those values. 

    It's not an uncommon task to use similar logic for things like APGroup. 



    ------------------------------
    If my post was useful, please Accept Solution and Give Kudos.
    ------------------------------
    Zak Chalupka
    Principal Engineer - HPE Aruba
    ACDX | ACMP | ACSP | ACCP
    wifizak@hpe.com
    ------------------------------
    Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
    ------------------------------