Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Authenticated Guest User Web Page Redirect Based Upon Username Login ID

This thread has been viewed 0 times

  • 1.  Authenticated Guest User Web Page Redirect Based Upon Username Login ID

    Posted Feb 24, 2014 11:53 AM

    I understand in the captive portal auth profile on the controller you can have a welcome page for all guest users who successfully authenticate. My question is based upon the username given for authentication, is there a way to provide a different welcome page based upon this criteria.

     

    For example: the guest captive portal configuration profile on the controller shows the welcome page to be: http://www.google.com

     

    But what if the username had arubanetworks in the username; could we have the welcome page to go to http://www.arubanetworks.com instead?

     

    We do not want to create a new SSID, login page etc if not possible. I was thinking maybe based upon the username coming into ClearPass, the client would get a role that has a webpage redirect in it for the welcome page. Just not sure if this is possible.

     

    Any thoughts/ideas?



  • 2.  RE: Authenticated Guest User Web Page Redirect Based Upon Username Login ID

    Posted Feb 26, 2014 05:14 AM

    Thats why we use ClearPass ;)

     

    But ok - that aside lets see how this works.

     

    The initial Captive Portal you land on can be whatever. Just a plain html with some links if you will.

     

    This post on the partnerweb will give you some more insights:

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-154

    Also use the AOS user guide starting from "Installing a New Captive Portal Page" (I used the 6.3 doc)

     

    So I'm thinking this flow could work..

    Config would be almost the same as the above link:

    • aaa authentication captive-portal "custom-cp"
    • user-logon
    • no guest-logon
    • no logout-popup-window
    • enable-welcome-page
    • welcome-page "your-auto-redirect.html"

     

    The initial login page has a webform that submits username/password to a itself or a new page. Javascript checks the username and based on your criteria it creates a cookie that has the correct redirect URL (the AOS UserGuide has almost all the details for how to do this). I'm a little sketchy on how to proceed here, but you could have a "continue" button that submits the username/password to "/auth/index.html/u" ann authenticates you.

    Then the welcome page is triggered and here you should pick up on the cookie and do an automatic redirect based on the value of the cookie. This also is in the AOS UG for how to do.

     

    This should work - in theory :)