Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest - Return to splash page to re-authenticate?

This thread has been viewed 2 times

  • 1.  Guest - Return to splash page to re-authenticate?

    Posted Nov 21, 2018 01:48 PM

    Hey All, is there a method for guest users to return to the splash page to re-authenticate (for elevated access)? 


    Scenario: Our splash page has multiple options, say 'basic' and 'advanced' access. If they click 'basic', and later decide they want 'advanced', how do they get back? I can do it manually by clearing their MAC Cache timer and forcing them back to the splash page, but how can they do it themselves? Maybe browser history to get back to the original redirect URL? Some other better method? 

     

    The config is basically the canned 'guest access with MAC caching'

     

    Thanks. 



  • 2.  RE: Guest - Return to splash page to re-authenticate?

    EMPLOYEE
    Posted Nov 21, 2018 02:17 PM

    Hi cm119,

     

    I have not used this before, but from my point of view, this should be possible. Have a look at this page:

     

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-disconnect-logout-an-active-guest-device/ta-p/467315

     

    This is to allow the user to logout, but I think you need something very similar, except the logout. The page descibes, how to get the user details and with those you can provide the user an option to elevate his level. 

     

    hope this helps. 

     

    BR

    Florian



  • 3.  RE: Guest - Return to splash page to re-authenticate?

    Posted Nov 21, 2018 02:34 PM

    Thanks, looks interesting, but a bit complicated. I should also add in my scenario that when a user has gone through the splash page for 'basic' access, they are an anonymous guest, so they would not have a guest account to use to log back into the 'logout portal'. So i'm looking for a way to elevate a guest from 'anonymous' to 'registered guest.' I suppose there may be some way to hack together a 'logout' page where they can enter their MAC address, and the page will then go logout that MAC and reset it's MAC cache..



  • 4.  RE: Guest - Return to splash page to re-authenticate?

    EMPLOYEE
    Posted Nov 21, 2018 02:51 PM

    Hi cm119,

     

    From my point of view, you don't need the logout. With the logout page from the example, you will get the user session and with that, the mac address and controller and/or ap, the user is connected to. This should be enough to present the user a login page, with a description, that he is using basic access with some limits and to get over this, he simply needs to register. After he enters the details you use the information from the session to either logout the user and reauth the user with the new role or you send a COA. 

     

    But the above is just theory, but I have added it to the list of things I need to test. :)