Security

Hello everyone,

 

I have setup Clearpass to provide a captive portal which will require the guest to input his name and phone number to access the network. The generated credentials will not be shown in the guest receipt but will only be sent via SMS, this to ensure the phone number actually exists. I have replaced the default login button in the receipt with a new one which redirects the user to the login page where he will use his new credentials to login.

 

Now the customer is requesting if we can somehow skip this last part, ie the user manually inserting user and pass to login.

What he would like to have is as follows:

 

1. register page -> name + phone number (already up and running)

2. upon registration, just a notification that the credentials are being sent via sms and no info or login button whatsoever displayed (easy peasy)

3. IN THE SMS RECEIPT - credentials + a link that will allow the user to perform some sort of single sign on, or a link to a page with a login button that will, again, allow automatic login without requiring the guest to manually input his credentials

 

Can this be accomplished somehow?

This wouldn't work because the login itself needs to happen on the device you're authenticating. So clicking a login link on a mobile device, wouldn't be able to log in your laptop.

Thanks,
Tim

Mmh thank you, I hadn't thought of that..Since I know my customer is going to ask this next, let's say we accept this tradeoff and basically restrict access to tablets\smartphones with sms capabilities only for that particular SSID, would then the link thingy be technically doable?

If you place this in the SMS 

 

-----------------------------------------------

Username: {$u.username|escape}
Password: {$u.password|escape}
{if $u.expire_time > 0}Expires: {$u.expire_time|nwadateformat:"iso-8601t"|escape}{/if}

Ensure you are connected to the <insert your SSID> WiFi network then click this link:

https://<FQDN>/guest/guest_login.php?username={$u.username|rawurlencode}&password={$u.password|rawurlencode}"

----------------------------------------------

 

It will auto populate the username and password for you

 

Regards

 

Ryan

Thank you so much, it works!

Hi Timson

 

Thank you for your support.

When I use your code for the link in my SMS Receipt, then the user gets to the CP Guest Login Page.

( ClearPass Guest 6.6.0.32527 on CP-HW-500 platform )

 

Link in SMS:

 

Login page which appears after click on link:

May the German Login Page be the problem !?

 

Kind regards from Switzerland,

 

Konrad

We found the solution with inputs from different supporters. Thanks.

 

The name of the correct login php script depends on the  name of the register page.

We named our register page 'guest-sms'. In our case the correct link is:

 

https://wifi.foo.ch/guest/guest-sms_login.php?_browser=1&username={$u.username}&password={$u.password}

Hi,

thanks for the link.

Is it possible to auto accept the terms and submit?

thanks

------------------------------
Tobias
------------------------------

Original Message:
Sent: Jul 18, 2016 04:26 AM
From: Konrad Schnetzler
Subject: ClearPass + "Single Sign-On" Link in SMS Receipt

We found the solution with inputs from different supporters. Thanks.

 

The name of the correct login php script depends on the  name of the register page.

We named our register page 'guest-sms'. In our case the correct link is:

 

https://wifi.foo.ch/guest/guest-sms_login.php?_browser=1&username={$u.username}&password={$u.password}