cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

214
Views
0
Helpful
9
Replies

Preventing sponsor from creating guest account using certain email domains

I want to prevent sponsors from entering an email addresses for the sponsored account that contains a few domains (e.g. - @example.com).

 

I didn't have luck using the first script detailed here:

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414#toc-hId--1080596999

 

I had more luck using the second lot of 3 x scripts. However they are written for the person being visited; not the email of the sponsored guest. I've modified the script so that it works on the email address field.

 

One problem remains; it does the opposite of what it is supposed to do. It is supposed to prevent users entering corporate domain email adddresses (i.e. - black-listing certain domains) but instead it only allows the domains listed in the script (white-listing).

 

How can the script be changed so that the domains listed in the script are prevented?

 

See below:

 

email address script issues - 1.png

email address script issues - 2.png

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Hi Scott,

Please check the script in the below community page under heading "Restrict the email address entered when creating a known account".

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414

Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Hi Scott,

 

can you please try the below script.

<script> 
    $(document).on("pageshow", function(){ 
        setTimeout(function() {
            $('.emailAddress').val("");
            var domains = ["domain1.com","domain2.net","domain3.com"];
 
            function validateDomain(me){
                var idx1 = me.target.value.indexOf("@");
                if(idx1>-1){
                    var splitStr = me.target.value.split("@");
                    if(domains.indexOf(splitStr[1])>-1){
                        me.target.value="";
                        alert("Enter a valid email address.");
                        return false;
                    }
                }
            }
 
            $(function () {
                $('.emailAddress').blur(function (ele) {
                    validateDomain(ele);
                });
            });
        }, 5000);
    }); 
</script>
9 REPLIES 9
Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Researching for updated script

Re: Preventing sponsor from creating guest account using certain email domains

Cheers Jason.

Re: Preventing sponsor from creating guest account using certain email domains

@Jason Kunst Did you have any luck chasing down a script?

Highlighted
Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Still working on it. I was on vacation. Should hopefully have this week

Re: Preventing sponsor from creating guest account using certain email domains

Great - thanks.

Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Hi Scott,

Please check the script in the below community page under heading "Restrict the email address entered when creating a known account".

https://community.cisco.com/t5/security-documents/ise-sponsor-portal-create-known-accounts-page-customization/ta-p/3636414

Re: Preventing sponsor from creating guest account using certain email domains

Thanks - this works although I did need to change the .personBeingVisited to .emailAddress.

One issue however; the script works based on domain; not FQDN. Therefore it blocks domain1.com and domain1.net. I only want it to block domain1.com. I'm unable to specify the FQDN; if I do the script doesn't work. Can it be modified so that the FQDN and not just the domain can be entered?

Cisco Employee

Re: Preventing sponsor from creating guest account using certain email domains

Hi Scott,

 

can you please try the below script.

<script> 
    $(document).on("pageshow", function(){ 
        setTimeout(function() {
            $('.emailAddress').val("");
            var domains = ["domain1.com","domain2.net","domain3.com"];
 
            function validateDomain(me){
                var idx1 = me.target.value.indexOf("@");
                if(idx1>-1){
                    var splitStr = me.target.value.split("@");
                    if(domains.indexOf(splitStr[1])>-1){
                        me.target.value="";
                        alert("Enter a valid email address.");
                        return false;
                    }
                }
            }
 
            $(function () {
                $('.emailAddress').blur(function (ele) {
                    validateDomain(ele);
                });
            });
        }, 5000);
    }); 
</script>

Re: Preventing sponsor from creating guest account using certain email domains

This worked well; thanks very much.