cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10801
Views
17
Helpful
18
Comments
Jason Kunst
Cisco Employee
Cisco Employee

Hotspot Portal with information collection

 

Since we don't have the concept of a hotspot portal with info collection (we require an account to be created to capture information in the reports). The purpose of this document is to explain how to set up a self-registration portal and flow that is masked to look like a Hotspot Portal with information collection. A customer doesn't want a user to deal with creating credentials and remembering them but still wants to get their information.

 

This info will show up in the logs and reports as its a regular account. The user doesn't  know about this and they are not notified as they won't use it

 

The process is to make a self-registration portal capture some info and create account but hide username/password. So its like a hotspot. The endpoint is registered and authorization is based off guest endpoint group. The device could have access for a minimum of a day with basic configuration. If you wanted only a couple hours then there are other examples on how to do that as well.

 

Video Link : 15219

 

 

This should work on ISE 1.3+

 

Process and config:

 

Authorization rules

  • Authorization rules would be setup first to redirect MAB to self-reg (hotspot) portal.
  • 2nd line if endpoint group, then permit access

Endpoint Groups

Administration > Identity Management > Groups

  • Create a different endpoint group if you don’t want to use default of GuestEndPoints

Guest Types

Guest Access > Configure > Guest Types >

  • If needed create special guest type to track - call 1dayHotspotwithemail choose different endpoint group if you created another
  • In ISE 1.4.1 and 2.1 you can use FromFirstLogin Guest Type as the location doesn't matter and you want account activated right away

Portal

  • Create self-reg portal call it self-reg-hotspot-with-info-collection
  • In “Self-Registration Page Settings” uncheck all options you don’t want displayed except for email address
    • Location - if more than 1 you will need to allow this to be displayed (in ISE 1.4.1 or 2.1 you are using FFL location is not relevant in this example
    • SMS and Email options for notification - uncheck as not using any notification
    • After registration submission, direct guest to Success page
  • In “Self-Registration Success Settings”
    • In ISE 1.3/1.4 due to bug you need to leave on ”first name" and "reason for visit"
    • Uncheck everything except username/password/email address
    • Choose Allow guests to log in directly from the Self-Reg Success Page
  • In Acceptable Use Policy (AUP) Page Settings uncheck ‘Include an AUP page’ unless you want it
  • Post Login Banner Page
    • uncheck includes a post login
  • Authentication Success Settings
  • Click Save
  • Click Portal Page Customization
    • Under Login page Optional content 2 window
    • Toggle HTML Source Button
    • Paste this script - this bypasses login page and goes direct to self-reg for info collection

Check out this NEW SCRIPT - 5/30/19

--------------

It auto clicks and goes on to SelfRegistration.action?from=LOGIN (second last line).

However, for some reason, the portal test URL is loaded again (last line), and loads as a blank page, since the page CSS is set to display:None.

This was reproducible on 2.3, 2.3p5, 2.3p6 and 2.4p6.

It is only reproducible on Google Chrome and seems to work fine in Firefox on all releases.

After playing around with JQuery a bit, I was able to find something that works on Chrome reliably:

 

NEW SCRIPT - 5/30/19

----------
<script> jQuery('#page-login').css('display','none'); $(document).ready(setTimeout(function(){ $('#ui_login_self_reg_button').trigger('click'); },100)); </script>

 

 

 

ORIGINAL
---------
<script>      jQuery(function(){      jQuery('#page-login').css('display','none');      jQuery('#ui_login_self_reg_button').click();           return;      }); </script>

    • Toggle HTML Source
  • Self Registration Success - hide the results (credentials) as not used and click login automatically
    • Toggle HTML Source
    • paste to optional content 2:
<script>

    jQuery('#page-self-registration-results').hide();

    jQuery('#ui_self_reg_results_submit_button').trigger('click');

</script>
  • Click Save.
Comments
estadlercisco
Level 1
Level 1

Excellent! This has helped me on multiple ISE deployments already. Hopefully it becomes a native feature of ISE

ittechk4u1
Level 4
Level 4

Hi,

I am trying your method but getting error:

After entering email address , once i click on register new page opens..check the pic below(I am stuck here)This page is flashing and showing authentication failure..

Step3.png

Here are the error logs from ISE:

Event 5418 Guest Authentication Failed

Failure Reason 22056 Subject not found in the applicable identity store(s)

Resolution Check whether the subject is present in any one of the chosen identity stores. Note that some identity stores may have been skipped due to identity resoultion settings or if they do not support the current authentication protocol.

Root cause Subject not found in the applicable identity store(s).

Username 5dev

User Type NON_GUEST

Could you please help!!!

Jason Kunst
Cisco Employee
Cisco Employee

Off the top of my head without seeing your config it's most likely you didn't use the from first login guest type and you dont have an activated account because your correct  location  timezone is not matched and chosen to the login

otherwise please call tac

ittechk4u1
Level 4
Level 4

Hi,

Thanks for the reply.

1. I am using From first login...see the pic..

2. I am using the activated guest..

3. same  error

what should I use as timezone..(In Europe ?) I am using Europe/Berlin.

Thanks

ittechk4u1
Level 4
Level 4

Hi Jason,

Its working now. Thanks for help.

But Now i need a checkbox for newsletter subscription on Guest portal with AUP. How can I do it ?

Thanks in Advance!

Jason Kunst
Cisco Employee
Cisco Employee

please open new post. also please explain what your issue was

laposilaszlo
Level 1
Level 1

Hi Jason,

  

This is a great document, thanks for sharing.

May I ask if the following can be added to this solution.

 

My company needs a hotspot portal where users enter their data (name/company/phone number) and an access code and then they click sing in.

 

This is almost what you have described here but the access code part is missing.

 

Do you think this can be added somehow?

  

It needs to be access code field (and not the registration code) because it will be changed regularly using API.(registration code cannot be changed from API)

  

Basically what we need is the client taken directly to the registration portal but he will also need to enter the correct access code.

 

He then clicks register and is signed in.

  

Let me know if you see any solution to this or if i didn’t managed to explain what we need clearly enough.

 

 

Thank,

Laszlo

 

 

Jason Kunst
Cisco Employee
Cisco Employee
If you’re using this flow then it’s the registration code being utilized and not the access code (only available on the hotspot portal )

Please reach out through your account team
for a feature request
Madura Malwatte
Level 4
Level 4

HI Jason, Is this still meant to work with ISE 2.3? When I enter the script in optional content 2 window as html and click save then come back to this section the script text has disappeared from the optional content 2 window. When I do test portal url link through ISE gui the script doesn't seem to do anything. Any idea?

Jason Kunst
Cisco Employee
Cisco Employee
Might try to use a different browser. Script not saving has nothing to do with a specific script
Madura Malwatte
Level 4
Level 4

Hi Jason, thanks for the quick response. I tried chrome and firefox both, same issue.

 

I enter the script text after toggle html source

 

Screen Shot 2019-03-29 at 1.35.14 am.jpgand if I click refresh preview I still see the username and password text boxes. I have tried to click save, then portal test URL and see the same default sign on page.

 

Screen Shot 2019-03-29 at 1.36.21 am.jpg

If I click on a different page in the GUI and come pack to the same portal > portal page customization I no longer see the script text i had pasted in earlier.

Madura Malwatte
Level 4
Level 4

Hi @Jason Kunst , just wondering if you had any issues with this script on ISE 2.3?

 

I put the code in and it works as described, however on chrome browser I see the  login page getting displayed intermittently. You code jQuery('#page-login').css('display','none'); makes the login page blank, and I can see the browser load the login page for a split second then loads the Self Registration Success page. 

However intermittently I see login page for a split second then loads the Self Registration Success page for a split second, then loads the login page again and stays there, so what I end up with is a white blank page. Do you know why it would try load the login page after self registration success page?

Arne Bier
VIP
VIP

@Madura Malwatte - that still happens in ISE 2.4 occasionally.  In fairness, I have only done the 'URL Test' function so far.  But I have also wondered about the robustness of this JQuery logic.  I have seen cases where the login page is displayed permanently.

If you don't remvove the Cancel button, then you're giving the users a route back to the Login page - this is why I wanted to hide that button.

Madura Malwatte
Level 4
Level 4

@Arne Bier I have got this configured in production for a customer, its exactly what they wanted but now we noticed this issue and its a really negative in terms of user experience. We get the same problem, intermittently the user ends up on the login (sign on) page which is just all white, see below:

 

Note from jason kunst, working through TAC updating script as well with customization engineers. 

 

Screen Shot 2019-05-22 at 10.50.55 am.jpg

 

 

User needs to refresh the page to get the registration form page. Looks like the issue is only seen on chrome browsers.

 

@Jason Kunst Any ideas on a workaround?

Arne Bier
VIP
VIP

Hi @Madura Malwatte  - I don't have any good advice for you.  I have gone back to using the built in portal types in ISE and ditched the custom scripting.  I have figured out an alternative that hopefully will be accepted by the customer.  Portal Builder was a bit of a waste of time for me too - found out that once the stuff is imported into ISE, you cannot change it in ISE.  No good for me.  It's bad news for customers too - they might want to change something as simple as a word - no can do. 

The only thing I feel is safe to use is the Theme Roller - that tool is awesome!  Customizing the CSS.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: