CPPM Guest Access and >2 roles

ClearPass Policy Manager 6.7.8.109113

ClearPass Guest 6.7.8.109113

AOS 6.5.4.10

 

We have a remote location with very limited cellular coverage. Using SMS as a passcode delivery method isn't available. Email is the only option.

 

We allow public users to register an account using ClearPass Guest. After associating to the open SSID we direct them to the captive portal and ask for an email address during registration, using that as the guest username and sending the passcode to it.

 

The user's initial role is REG-PORTAL, then after logging in with the username (email address) and the passcode they move to a role of CUST-GUEST.

 

The problem is we need to allow Internet access so they can check their email to retrieve the passcode. But the user cannot check their email w/out first logging into the Captive Portal with the username (email address) and passcode. It's a chicken -> egg issue.

 

Is there a way to allow n minutes (say, 15) of unauthenticated internet access after registering for a Guest account, but before logging in? Can a third role be assigned to the user as a bridge?

 

For example:

A scenario where the user associates, gets directed to the captive portal, registers for a Guest account, checks their email to retrieve the passcode, logs in successfully w/ new creds, then has an active Guest account.

- Associate with open SSID -> Role = REG-PORTAL

- Register for Guest account, but not yet logged in -> Role = POST-REG

- Log in with Guest account username/passcode -> Role = CUST-GUEST

 

Scenario same as above, but the user doesn't log in with the new creds within 15 minutes. Then the role is changed back to the REG-PORTAL role.

- Associate with open SSID -> Role = REG-PORTAL

- Register for Guest account, but not yet logged in -> Role = POST-REG

- User doesn't log in with username/passcode in 15 minutes -> Role = REG-PORTAL

 

Is this a possible option?

 

 
