Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Sponsored Guest - Set Only One Sponsor Email

  • 1.  ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 08:49 AM

    We are currently setting up a guest network using ClearPass and utilizing the sponsored guest feature through the self registration page. I want guests to have to manually type one particular email address in as the sponsor and only that email address be able to be the sponsor. I want them to get an invalid sponsor error when they type any other address. Is there a way to set one custom email that is the only account that can sponsor and for them to have to manually type it in, not hidden or pre-populated? Thank you for any assistance.



  • 2.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    EMPLOYEE
    Posted Jan 19, 2017 08:58 AM

    Edit the sponsor_email field and add a validator like below:

    array (
      'allow' =>
      array (
        'myemail@domain.xyzz',
      ),
      'deny' =>
      array (
      ),
    )


  • 3.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 09:00 AM

    Thanks, going to try that right now. So the email address that I want to be the single authorized sponsor needs to be the email address in the validator?



  • 4.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 09:04 AM

    It still allows me to enter other email addresses besides the one I really want it to be and sends them an email to authorize. When the guest enters any other email but the one I want it to be I want them to receive an invalid sponsor message. Thanks.



  • 5.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 09:22 AM

    Now it's not sending me an email and the login button is active without approval. I was getting the emails yesterday. Any thoughts?



  • 6.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    EMPLOYEE
    Posted Jan 19, 2017 09:34 AM

    Did you replace 

    myemail@domain.xyzz

    with the email address you want to allow? 



  • 7.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 09:39 AM

    I did. Should I leave or remove the quotations? Problem now is it's still allowing me to enter other addresses and now I'm not getting an email at all when I was yesterday. Test email via CPPM is working. Thanks.



  • 8.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 12:02 PM

    Ok, I'm getting emails now, but still able to use other email accounts as sponsor.



  • 9.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 19, 2017 02:23 PM

    Any further thoughts on this? Thanks for your help.



  • 10.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 09:02 AM

    Just a quick update to this issue. After spending some time on the phone with Aruba we are going the route of using LDAP to try to accomplish this. Have another call with them today in hopes to use an LDAP filter to perform this. If anyone has any tips that would be appreciated. Thanks.



  • 11.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 02:47 PM

    Ok, another update...if anyone is listening. We can't use the LDAP feature. Our AD accounts are not the same as our email addresses and our email is hosted by gmail, so no luck there. So we're back again to the suggestion in this thread that doesn't work. Aruba tried this validator as well in their test lab and could not get it to work as well. They say this validator is only for the entire domain, not a single email account. They are going to take this issue back to their lab and hopefully come up with something, but I can't believe this is a rare or odd request, to be able to define and control who our sponsors are. It's bizarre to me that anyone can be the sponsor. We can't have that. Is there anyone else out there that can assist us with this? Been on this all week and many hours and ready to find a solution. If there's a tweak to this validator to make this work that would be great. Thanks anyone for your help.



  • 12.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 03:28 PM

    From what I can gather here: http://www.arubanetworks.com/techdocs/ClearPass/CPGuest_UG_HTML_6.5/Content/Reference/FormFieldValidationFunctions.htm

    This field only checks the domain portion of the email address, not the full address.

    If you are looking for a specific string to be entered there, why even use the 'isValidEmail' validator? Why not use 'isEqual', 'isIdentical' or 'isRegexMatch' and then in the validator field just enter the specific email address you want to match against?

    Edit: This worked in my lab. If I set the sponsor_email field validator to 'isEqual' and Validator param to (none), then in the argument I put 'username@domain.com'. If I put anything other than "username@domain.com" in the sponsor email during registration it spits out 'please enter a valid email address'. Only thing is it is case sensitive. You could fix that by using regex, but I'm not going to test that now :)



  • 13.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 03:39 PM

    Thank you for your response! Can you send me the exact argument you used? Thank you.



  • 14.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 03:45 PM

    Login to ClearPass Guest

    Browse to Configuration > Pages > Guest Self-Registration

    Select your self reg page > Edit

    Under Register Page click Form

    Select Sponsor Email click Edit

     

    Set the following:

    Validator: "isEqual"
    Validator Param: "(None)"
    Validator Argument: username@domain.com

     



  • 15.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 03:47 PM

    Ok, thank you. I didn't realize it was as simple as just adding the actual address itself. I thought it might be some script or other argument. Do you know if you can add multiple addresses? Like if we wanted two or more sponsors for backup? Thanks.



  • 16.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 03:55 PM

    Check out the document I linked. There is an option 'isArrayValue' which lets you set up a list of values to match against. However I am not sure of the exact syntax for that.

    My guess would be something like

    array(
      'email1@domain.com',
      'email2@domain.com',
    )

     

     



  • 17.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 04:03 PM

    Thanks for your help. It seems that should work, especially by looking at the document you sent me, but it's not. I'm typing the argument as they have listed in the example. We're close. You got me to where I can at least limit it to one sponsor but optimally I would like to have at least two. Thanks again.



  • 18.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email
    Best Answer

    Posted Jan 20, 2017 04:03 PM

    Here is the syntax for an array which works for me

     

    array (
      0 => 'email1@domain.com',
      1 => 'email2@domain.com',
    )



  • 19.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Jan 20, 2017 04:06 PM

    THAT WORKED!! Thank you for taking the time to work with me on this!



  • 20.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Feb 23, 2017 12:11 AM

    I'm using this syntax and still got an error:

     

    Validator: isValidEmail

    Validator Param: (none)

    Validator Argument:
    array (
      'allow' =>
      array (
        0 => 'user1@domain.com',
        1 => 'user2@domain.com',
        2 => 'user3@domain.com',
      ),
      'deny' =>
      array (
      ),
    )

     

    Please help

     

    Thanks,

    Jefri

     



  • 21.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Feb 23, 2017 12:18 AM
    Please see my replies above. You need to use the isArrayValue validator, and the array syntax I provided above.


  • 22.  RE: ClearPass Sponsored Guest - Set Only One Sponsor Email

    Posted Feb 23, 2017 12:39 AM

    Ok, got it and it is working  :)

     

    Validator: isArrayValue

    Validator Param: (none)

    Validator Argument:

    array (
      0 => 'user1@domain.com',
      1 => 'user2@domain.com',
      2 => 'user3@domain.com',
    )

     

    Thanks

     

    Rgds,

    Jefri
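
The validator behaviours compared in this thread, modelled in PHP as an added example that is not ClearPass code or any poster's: a domain-only check (how the thread describes isValidEmail), exact case-sensitive membership (as observed for isEqual), and an anchored case-insensitive pattern of the kind suggested for isRegexMatch. The function names and test inputs are constructed, and whether isRegexMatch accepts this exact pattern form is an assumption to check against the linked validator reference.

```php
<?php
// Added illustration, not ClearPass code: function names are hypothetical and
// the addresses are the placeholder ones used in the thread.
$sponsors = array(
  0 => 'user1@domain.com',
  1 => 'user2@domain.com',
);

// Domain-only check: models the thread's description of isValidEmail's allow list.
function domain_only_match(string $input, array $allowedDomains): bool {
    $at = strrpos($input, '@');
    if ($at === false) {
        return false;
    }
    return in_array(strtolower(substr($input, $at + 1)), $allowedDomains, true);
}

// Exact membership: case-sensitive, as the thread observed for isEqual.
function exact_match(string $input, array $sponsors): bool {
    return in_array($input, $sponsors, true);
}

// Case-insensitive pattern. preg_quote() keeps '.' literal; \A and \z anchor the
// whole string ('$' alone would also accept a trailing newline).
function sponsor_regex(array $sponsors): string {
    $alts = array_map(function ($s) { return preg_quote($s, '/'); }, $sponsors);
    return '/\A(?:' . implode('|', $alts) . ')\z/i';
}

// Constructed test inputs.
$tests = array(
  'user1@domain.com',         // listed sponsor
  'User1@Domain.com',         // listed sponsor, different case
  'someone.else@domain.com',  // right domain, not a sponsor
  'user1@domainXcom',         // would match if '.' were left unescaped
  "user1@domain.com\n",       // trailing newline
);

$re = sponsor_regex($sponsors);
echo "pattern: $re\n";
foreach ($tests as $t) {
    printf("%-28s domain=%d exact=%d regex=%d\n", json_encode($t),
        domain_only_match($t, array('domain.com')),
        exact_match($t, $sponsors),
        preg_match($re, $t));
}
```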