Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Wired Mac auth + Wired WebAuth

  • 1.  Wired Mac auth + Wired WebAuth

    Posted Aug 31, 2020 06:06 PM

    Hello,

    I am implementing wired authentication with source in social login (Google).

    When I log in to Google, the ClearPass portal starts with the 30-second counter, but when it ends, it returns me to the same ClearPass portal and I don't have access to the network.
    Any idea what error this could be?



  • 2.  RE: Wired Mac auth + Wired WebAuth

    EMPLOYEE
    Posted Sep 01, 2020 03:55 AM

    Do you see a second MAC authentication in Access Tracker after the authentication?

    What are the enforcement profiles returned in each of the authentications?

    Please check/post the output of Access Tracker for the first and second authentication.

    The generic flow should be:

    1) MAC authentication, enforcement profile that triggers the captive portal redirect

    2) Web authentication (with SSO in your case), that either sets a role and/or endpoint attribute, and does a CoA to the switch

    3) The switch does a port-bounce on the client; when the port comes up again, a new MAC authentication is sent to ClearPass. This MAC authentication will now, based on either the cached role or the attribute stored in the endpoint database, return the 'normal-access' profile. After which you should have access.

    From the description, either the CoA does not trigger or is not executed on the switch, or in the last step the role or endpoint attribute is not evaluated, which will return you to the original role.
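
The three-step flow in the reply above can be checked mechanically against a client's authentication timeline. This is an added example, not part of the thread and not ClearPass code; the record layout, result values and the `captive-portal-redirect` profile name are assumptions made for illustration.

```python
# Added example. Record layout and profile names are constructed for
# illustration; they are not ClearPass's Access Tracker export format.
PORTAL, NORMAL = "captive-portal-redirect", "normal-access"

def first_after(events, t, kind, **match):
    """First event of the given type later than time t whose fields match."""
    for e in sorted(events, key=lambda e: e["t"]):
        if e["t"] > t and e["type"] == kind and all(e.get(k) == v for k, v in match.items()):
            return e
    return None

def diagnose(events):
    """Name the step of the MAC auth -> web auth -> CoA -> MAC auth flow that broke."""
    mac1 = first_after(events, -1, "MAC_AUTH")
    if mac1 is None or mac1["profile"] != PORTAL:
        return "no-portal-redirect"      # step 1 never sent the client to the portal
    web = first_after(events, mac1["t"], "WEBAUTH", result="ACCEPT")
    if web is None:
        return "webauth-failed"          # step 2: login did not complete
    coa = first_after(events, web["t"], "COA")
    if coa is None:
        return "coa-not-triggered"       # step 2: web auth sent no CoA
    if coa["result"] != "ACK":
        return "coa-not-executed"        # switch rejected or ignored the CoA
    mac2 = first_after(events, coa["t"], "MAC_AUTH")
    if mac2 is None:
        return "no-second-mac-auth"      # step 3: port never re-authenticated
    if mac2["profile"] != NORMAL:
        return "role-not-evaluated"      # step 3: same portal profile returned again
    return "ok"

# Constructed timeline for one of the failure cases the reply names: login
# succeeds, the CoA is acknowledged, yet the second MAC auth returns the
# portal profile because the role or endpoint attribute was not evaluated.
SAMPLE = [
    {"t": 0,  "type": "MAC_AUTH", "result": "ACCEPT", "profile": PORTAL},
    {"t": 20, "type": "WEBAUTH",  "result": "ACCEPT", "profile": None},
    {"t": 21, "type": "COA",      "result": "ACK",    "profile": None},
    {"t": 25, "type": "MAC_AUTH", "result": "ACCEPT", "profile": PORTAL},
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
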



  • 3.  RE: Wired Mac auth + Wired WebAuth

    Posted Sep 02, 2020 03:47 PM

    Hello,
    I attach the logs of the authentication attempt made.