Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Redirect issue

This thread has been viewed 2 times

  • 1.  Redirect issue

    Posted Mar 27, 2015 01:57 PM

    I currently have a single click SSID with ToS acceptance setup and working with guest mac auth and caching.  It seems all browsers are working except Safari.  Safari says it cannot create a secure connection to securelogin.arubanetworks.com.  I had thought this was happening because of the cert so I exported the cert and installed it on the device with Safari but that did not correct the issue.  I'm still getting the same error.  Any suggestions?



  • 2.  RE: Redirect issue

    EMPLOYEE
    Posted Mar 27, 2015 10:59 PM

    Can you please post a screenshot?



  • 3.  RE: Redirect issue

    Posted Mar 28, 2015 07:45 AM
    A screenshot of the safari browser?





    Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


  • 4.  RE: Redirect issue

    EMPLOYEE
    Posted Mar 28, 2015 08:05 AM

    Can the device ping securelogin.arubanetworks.com?  What ip address does it resolve to?

     



  • 5.  RE: Redirect issue

    Posted Mar 28, 2015 08:13 AM
    Colin,

    I havent tried that but the redirect works fine from the same device (iphone) using the chrome browser. What I have noticed is that when I accept the TOS the first time Safari sends the MAC as the username instead of the randomly generated username set in the web login page. Because of this it hits my mac auth service and fails because the device isnt in the endpoint or insight databases yet.

    Thanks





    Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


  • 6.  RE: Redirect issue

    EMPLOYEE
    Posted Mar 28, 2015 08:18 AM
    Msales,

    There may be too many places that this could break. You have custom code, Mac authentication, clearpass services, an iPhone with little diagnostics... Where do we even start?


  • 7.  RE: Redirect issue

    Posted Mar 28, 2015 08:34 AM
    This is not custom code. I have a guest web login set to do anonymous login using the generate random account option. The cppm services were created using the guest mac auth template. This process works in IE and chrome just not safari. What diagnostic info would you like?

    Thanks





    Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


  • 8.  RE: Redirect issue

    EMPLOYEE
    Posted Mar 28, 2015 10:53 AM
    It sounds like the device is disconnecting before the terms are accepted which explains the MAC auth. Are you getting the captive network assistant or the actual safari browser?


    Thanks,
    Tim


  • 9.  RE: Redirect issue

    Posted Mar 29, 2015 10:16 AM
    Not getting the CNA. This is in safari. I believe the role is setup so that the CNA should not pop up.

    Thanks

    Matt Sales
    Network Engineer II
    Centra Health
    434-200-5574





    Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


  • 10.  RE: Redirect issue

    Posted Mar 30, 2015 11:45 AM

    After further research it appears this has to do with iOS version.  On devices with 8.x after accepting the TOS it does not redirect to the originally requested page.  I receive an error in safari that it couldn't create a secure connection to the server and have securelogin.arubanetworks.com in the URL bar.

     

    On a device running 7.x behavior is as expected with Safari taking me to the originally requsted pages after accepting the TOS.