SSO Guest on Wired ArubaOS Switch
08-31-2020 01:48 PM
I've setup a wireless SSID with OneLogin guest integrations for user authentication using SSO/SAML. Working great.
Now the customer wants to replicate the same thing on wired. However the issue I'm hitting is that the wired authentication on an ArubaOS switch uses the Login Method of server-initiated and wants a COA.
So i setup a MAB service to send the user to a captive portal, which has the Pre-Auth check set to SSO. The user logs into the OneLogin service, but when they get redirected back to ClearPass i see a failed authentication the WebAuth service, and the user is prompted with a captive portal for username/password.
The difference i see is with the Aruba WiFi i have a RADIUS submission form the AP, which then hits a service with auth method set to SSO. When I have an ArubaOS Switch, it comes in as a web auth, and i can't find a way to enabled SSO on the WebAuth. I also can't find a way to cache the auth to the endpoint in the SSO service.
Has anyone done this?
ACDX, ACCP, CISSP, CWNA