Security

Hi everyone,

on ClearPass Guest, I would like to create a Web Login Page that allows the user two options of proceeding:

1. enter username and password and click "Submit" button (this is the normal process)

2. click another button (might be called "basic access") to receive limited access without entering any credentials.

I have been pondering this for a while and am currently seeing a few options neither of which I have been able to fully implement, see below. Feel free to tie into these thoughts or propose something completely different. I am grateful for any ideas!

Option A. The "basic access" button is a second HTML Submit button on the Web Login Page, but with the additional action of setting the username and password input fields to specific hardcoded credentials before submitting to ClearPass Guest. (Having these basic access credentials visible in the HTML source would not be a problem.) I could not accomplish this since I need Javascript to set the username and password fields on button click, which is not accepted by ClearPass Guest's syntax check in the Header HTML and Footer HTML fields of the Web Login edit dialog (neither with "Custom Form" disabled nor enabled).

Option B. The "basic access" button is a HTML Submit button with a specific name and value that are submitted to ClearPass Guest _instead_ of username and password when it is clicked. I would need to have ClearPass Guest check for that button's value and take specific authorisation actions based on the presence of that self-defined additional button name and value. I unfortunately do not know a way to implement this in ClearPass Guest.

Option C. Use a standard Web Login form and already give limited network access to unauthorised users. But: It is a requirement to have the Web Login open automatically as a captive portal. How can I prevent the captive portal from firing again and again if the user never submits the Web Login form? (Using ArubaOS 6.5, controller-based)

As stated before, any hints are welcome, whether relating to my above thoughts or not.

Thanks!

Christoph

I would create a new field which operates as a dropdown box on the page. 2 options (free access, login).

Based on which option is selected changes which fields are visible. You can accomplish this using the "Visible If" and "Enable if" fields in the advanced configuration of each field. i.e.

(typeof(account_type) != "undefined" && (account_type.value=="free")) 

You would put this code in the "Visible if" field on specific fields. This would use a new field called account_type that if was set to "free" would display this field. Use username for fixed account and email_address for users creating accounts.

Hi dave27,

thanks a lot for your quick reply!

When speaking about creating a new field and using "enable if", it looks to me that's only possible on Self-Registration pages, not on Web Login pages. - Am I correct?

Up to now, I was trying to get what I described to work on the Web Login page itself, because the user should already have had a password created before coming there.

One could though use the Self-Registration page, add user/email_address and password fields and mark them as "Pre-Registration: Guest must supply field" in order to check for them. I will try whether that works.

Thanks,

Christoph