There is not enough information to describe what you have setup. In this, I assume the captive portal is on ClearPass, but is it SAML or OAuth2, and in SP or IdP role?
Also with captive portal, you should (generically) not switch VLANs as it introduces large interruptions due to port bounces (wired) or clients not being aware of the VLAN switch and sticking to the old IP for the old VLAN and losing connectivity. The normal step is that the SSO service triggers a web login, which service can return role/VLAN other, or you need to work with cached information and MAC authentication.
As there are many moving parts here, it may be most effective to work with your partner or Aruba Support. For such implementations it's critical to see what happens, till where the process works and where it breaks, and that is hard to do in a forum like this.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 22, 2024 05:53 AM
From: david
Subject: Wired Authention SSO
Hi all,
I have an Aruba CX switch with Aruba Clearpass. Im trying to utilize the default enforcement profile for Wired Authentication service within clearpass whereby a captive portal login page appears. The user SSO's within the pageand gets dropped locally within the data vlan
The issue i am facing is the service for SSO doesnt allow you to enforce vlan assignment, Im only seeing guest roles which doesnt work for what Im trying to achieve
Any suggestions would be greatly appreciated