Apple CNA opening with MAC Caching on full access (CPPM)
10-03-2019 07:35 AM - edited 10-03-2019 07:46 AM
Question about an Apple issue I'm seeing with captive portal w/ MAC Caching. I am using CPPM to serve an external captive portal with a controller-initiated workflow. This question involves Apple computers after they've been validated and logins use the MAC Caching service. In clearpass they successfully authenticate and get the full access role.
However what I'm seeing is that on Apple computer specifically, the portal will still launch but I will see "Success" and the window can be closed by clicking "Done." This means that they can reach captive.apple.com.
AAA profile initial role has a captive portal profile associated with it. From what I understand, this is Aruba's best practice, but perhaps I am wrong about this? Should I be passing back a captive portal associated role from clearpass instead?
AAA Initial Role (Allow access to CPPM, no captive portal profile associated)
If CPPM service says user needs captive portal, send back logon role that has portal profile associated.
What is Aruba's best practice for handles roles for captive portals served externally? Is the above order what is suggested by Aruba?