Security

Reply
Occasional Contributor I

Guest Captive Portal with Multiple Web Login Pages

Hello,

 

 

I'm currently developing a guest captive portal that redirects to a terms and conditions checkbox to provide anonymous public access login, with an optional hyperlink to an separate web login page with a username/password combination for contractor access (the customer's design). Surprisingly, I couldn't find any examples, or similar forum posts, in my searches, but had assumed this was a simple process of adding in the hyperlink to the header HTML code of the default anonymous Web Login page pointing to the URL of the alternate user/pass Web Login page. To clarify, I've created two separate Web Login pages to accomplish this in Clearpass Guest.

 

This links work perfectly fine when I test it directly from internal networks, but when I have the customer test onsite from the guest SSID, apparently clicking on the link only cycles back to the original anonymous web login page with an "error connecting" message.

 

The NAD is an Instant AP.

 

I'm currently just looking to determine whether this is even possible (I assume it should be), and if I'm missing anything obvious in how to link to the alternate Web Login page. I assume there must be some way for Clearpass to maintain the information of the connecting client and NAD device, so possibly something needs to be included in the HTML (or JS?) to carry over this information between the web login pages?

 

Cheers!

Guru Elite

Re: Guest Captive Portal with Multiple Web Login Pages

Are all of the webpages on the ClearPass host, or are they on another external box?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
MVP Guru

Re: Guest Captive Portal with Multiple Web Login Pages

If you change your redirect to the contractor page (or create a new one on a different SSID if you are in production), does the contractor login work then?

 

What I would do first is to understand the exact flow for the client. So, connect a laptop to the guest SSID and run Chrome or another browser that can record and show all the requests (Ctrl-Shift I on Windows, CMD-Option-I on Mac) then go into the network, click preserve log and follow the whole process. Then you know what redirects are happening, when the client is redirected to your IAP for the actual login, what the response is. 

 

Do you see the RADIUS request coming into the ClearPass?

You can check this video on how to use the developer tools and how a proper guest workflow should look like.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Guest Captive Portal with Multiple Web Login Pages

All pages are on the Clearpass host. Basically, I've created two "Web Login" pages within Clearpass Guest. One is anonymous auth, and the other is username/password.

 

The customer wants to first be presented with a Captive Portal that allows public Internet users to simply click a Terms and Conditions button, a submit button, and they are in. But he wants contractors to be able to click on a hyperlink from that original page, that redirects them to a page that asks for a username/password.

The captive portal redirect to the first anonymous page is working, and clicking the Terms and Conditions checkbox and submitting gets them onto the network exactly as expected. But clicking on the hyperlink to the separate username/password Web Login page simply returns to the same anonymous Web Login page.

When I test from the "test" button within Clearpass guest Web Login config page, or manually go to the URL, the redirection works fine back and forth between the two.

 

There is the possibility that something is screwed up client-side, and I've asked him to try a different client, but I was hoping to determine whether this is a supported config in the meantime, and is as simple as injecting an HTML hyperlink between two Clearpass-configured Web Login pages.

 

Thanks for your prompt assistance!

MVP Guru

Re: Guest Captive Portal with Multiple Web Login Pages

Yes, it should be as simple as putting the link in.

 

One think that might be a problem is if your link points to http (without the s), as port 80 traffic is redirected back to the anonymous login page.

 

What you can/should try as well is to configure a pre-authentication role in your Instant and whitelist the ClearPass IP. Also, did you enable the automatic URL whitelisting in the captive portal config?

 

If you trace the client actions with the Chrome Developer Tools, you can probably see where the redirect is happening on what request to better understand the issue.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Guest Captive Portal with Multiple Web Login Pages

Perfect, thanks. That gives me something to start playing with, and I'm sure it's a fairly simple fix.

 

Cheers

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: