
ClearPass Guest Sponsor Name is same as guest username

  • 1.  ClearPass Guest Sponsor Name is same as guest username

    Posted Sep 05, 2016 04:45 AM

    Hi,

     

    Odd problem here:

     

    When using sponsored guest access, the following fields are provided: e-mail, name, phone, sponsor e-mail.

     

    In Manage Accounts, in the sponsor column, the sponsor's name is displayed. For accounts created by receptionists, the account name is visible. But for accounts created with self-registration, the sponsor name is the same as the guest username/e-mail address.

     

    How can I make the sponsor name match the sponsor e-mail?

     

    Kind regards,

     

    JCelis



  • 2.  RE: ClearPass Guest Sponsor Name is same as guest username

    EMPLOYEE
    Posted Sep 05, 2016 12:03 PM

    Is your self-registration workflow using sponsor or is that a different one?



  • 3.  RE: ClearPass Guest Sponsor Name is same as guest username

    Posted Sep 06, 2016 03:30 AM

    Yes; there are 3 options for adding guest users in this setup:

     

    1) receptionist creating guest users. Sponsor name is account name of the one creating the user account.

     

    2) BYOD portal where users are sponsoring their own account, so sponsor name is equal to username.

     

    3) guest captive portal using self-registration with sponsor confirmation. Sponsor name shouldn't be equal to guest username. The sponsor e-mail field is filled in. For the sponsor name field, ClearPass uses the guest e-mail address. 



  • 4.  RE: ClearPass Guest Sponsor Name is same as guest username

    Posted Sep 20, 2016 07:10 PM

    Out of the box, it should not behave that way (just tested in my lab).

     

    CPGuest > Config > Pages > Guest Self-Reg > (edit yours) > Diagram :: Register Page :: Fields :: Edit :: sponsor_email field is enabled?

     

    CPGuest > Config > Pages > Guest Self-Reg > (edit yours) > Advanced Edit > Sponsorship Confirmation == enabled?

     

    CPGuest > Config > Pages > Guest Self-Reg > (edit yours) > Advanced Edit > Sponsorship Confirmation :: Email Delivery :: Email Field :: Use Default: sponsor_email ??




  • 5.  RE: ClearPass Guest Sponsor Name is same as guest username

    EMPLOYEE
    Posted Sep 30, 2016 09:53 AM

    To fill in some of the mystery here...

     

    sponsor_name must have a value due to some backend restrictions and as of 6.0 we started filling in the username when a sponsor name is not available.

     

    If your sponsor setup is a manual email or dropdown then only sponsor_email is going to be set leaving sponsor_name to our logic.

     

    If you are using LDAP Lookups we should be filling in both fields if it is configured right.

     

    In all cases, when a sponsor sponsors, their name and email (assuming the email is being served to us) get set.  If you are piggy-backing the LDAP lookup this will be automatic.  If you are using a CPPM auth service you need to make sure email is returned.

     

    Add register_token_confirmed to guest_users / Manage Accounts to see who has not been sponsored.  You can even put "register_token_confirmed=0" into the filter box to filter just the ones needing sponsor. Or even bookmark "guest_users.php?search=register_token_confirmed=0".



  • 6.  RE: ClearPass Guest Sponsor Name is same as guest username

    Posted Oct 03, 2016 11:11 AM

    On all 3 questions: correct.

     

    Yet still adds the username as the sponsor name instead of the sponsor e-mail. Which seems odd behaviour for automatic fill in. Would assume it copies sponsor e-mail as value. 



  • 7.  RE: ClearPass Guest Sponsor Name is same as guest username

    EMPLOYEE
    Posted Oct 03, 2016 11:26 AM

    Check the Attribute Matching box in the server setup.  Ensure the line with sponsor_email is not commented (with a #) and that the attribute it maps is correct.