Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Post Authentication Information Collection

This thread has been viewed 11 times

  • 1.  Clearpass Post Authentication Information Collection

    Posted Aug 01, 2018 10:32 AM

    Hi,

     

    I have Clearpass configured in such a way whereby operators can create logins with usernames based on events and with very simple passwords. Such as, username: airheadsconference, password: airheadsconference, which then lasts for the duration of the conference.

     

    End users connect to the conference SSID, hit captive portal, authenticate against a user authentication with MAC caching service and login with the simple credentials.

     

    I'd like to collect the names and email addresses of the people using the shared username and password with some sort of HTML webpage that they get redirected to post authentication that then requests this information and adds it to the endpoint.

     

    Is this possible?

     

    Cheers

    Shaun



  • 2.  RE: Clearpass Post Authentication Information Collection

    EMPLOYEE
    Posted Aug 01, 2018 10:35 AM
    You would need to use a self-registration workflow instead of a web login.


  • 3.  RE: Clearpass Post Authentication Information Collection

    Posted Aug 03, 2018 09:47 AM

    Hi Tim,

     

    Thanks for the reply,

     

    So my understanding of Self Registration is that it allows anyone to access the network by entering simple details and then a sponsor allowing them access.

     

    We do not want to inundate the sponsor with 1000's of emails from prospective wireless users. We'd like them to authenticate with a pre defined guest account. How do we get around this?

     

    Cheers

    Shaun



  • 4.  RE: Clearpass Post Authentication Information Collection

    EMPLOYEE
    Posted Aug 03, 2018 10:43 AM

    You do not have to enable sponsorship on a guest self-registration.

     

    Just create a custom field with a validator to check the "code".



  • 5.  RE: Clearpass Post Authentication Information Collection

    Posted Aug 03, 2018 11:25 AM

    Sorry Tim you've lost me - Can you elaborate please?



  • 6.  RE: Clearpass Post Authentication Information Collection

    Posted Aug 22, 2018 07:56 AM

    Ok so I've managed to resolve this now by doing the following, it's a bit of a fudge but it works well and no JavaScript is involved.

     

    When an end user connects they get placed into a role with a captive portal profile leading them to a web login, the inital role has an authentication role that again has a captive portal profile leading them to a self registration form requesting details, and then after authenticating in self registration they there are placed into an authenticated role wthout captive portal and allowed out the door.

     

    So in essence an end user connects and is presented with a weblogin, after authenticating they are then presented with a self registration form, and then after authenticating with self registration they are free.

     

    Hope this helps for those who had the same question as me and needed to protected thier network via a shared username and password but also required collecting visitor details.

     

    Cheers

    Shaun