cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

142
Views
0
Helpful
3
Replies
Cisco Employee

Custom error messages in guest / CWA portal

I have a need to return custom error messages to a user when they fail to pass through a CWA portal.  

 

For instance, a user signs in and passes authentication, but doesn't have the proper AD group membership. Want error message to state "you're missing XXXX access".  

 

 

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Custom error messages in guest / CWA portal

You would need to direct them to a custom page built under customer portal files
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#id_34829

if guest_flow and ADgroupX then redirect to authz profile with custom file redirect

Other customization examples under http://cs.co/ise-guest

There is no way dynamically to do this in the portal.
3 REPLIES 3
Cisco Employee

Re: Custom error messages in guest / CWA portal

You would need to direct them to a custom page built under customer portal files
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#id_34829

if guest_flow and ADgroupX then redirect to authz profile with custom file redirect

Other customization examples under http://cs.co/ise-guest

There is no way dynamically to do this in the portal.
Highlighted
Cisco Employee

Re: Custom error messages in guest / CWA portal

I'm not sure how ISE will be able to detect the group membership of the user, since this is purely a MAB+CWA authentication.  I'm going to play around in the lab today with it, but are you suggesting they'll hit a "default" portal, which will then dump the user into the guest_flow, re-parse the authz list, then redirect them to a second portal based on their group membership?

Cisco Employee

Re: Custom error messages in guest / CWA portal

the only way to know the group is to have them login to the CWA portal and get a success then you can now key off that since a COA took place authz will know the info. You can say say if guest_flow and AD group.
take a look at the http://cs.co/ise-guest
ISE Guest Access Prescriptive Deployment Guide