Blocked List Portal redirection problem...

rezaalikhani
Level 4

Hi;

Consider the following scenario:

  • ISE 3.2 Patch 4
  • Cisco vWLC 8.10.190.0
  • Windows 10 with Google Chrome 119

A user reports their device as 'Stolen' in the 'My Device Portal' and then connects the same device to the network. Based on the following authorization policy, it should redirect to the 'Blocked List Portal':

1000.png

Based on the RADIUS Live Logs, the aforementioned authorization policy matches successfully, and ISE pushes it to the WLC. However, when the user opens a browser, instead of redirecting to the Blocked List Portal, the following error message appears:

1000.png

I've checked everything, but one thing caught my attention. When I opened the portal using the 'Portal test URL' link within the portal configuration, it opened with the following address and correctly displayed the desired message:

https://192.168.10.120:8444/blockedportal/PortalSetup.action?portal=23be8780-da68-447e-aec3-e159cfb2a288

Now, I checked the portal address in the Authorization Profile and it is:

https://ip:port/blockedportal/gateway?portal=23be8780-da68-447e-aec3-e159cfb2a288

Then I replaced the above address with the address of the "portal test URL" as follows:

https://ip:port/blockedportal/PortalSetup.action?portal=23be8780-da68-447e-aec3-e159cfb2a288

I tested again, and this time the user was redirected to the portal as expected!

Any ideas?

Thanks

4 Replies

Greg Gibbs
Cisco Employee

@rezaalikhani, I see the same behaviour in ISE versions 3.2p4 and 3.1p8.

I suspect something changed and the "PortalSetup.action?" is the correct redirect-url to use in the AuthZ Profile, but you would have to open a TAC case to confirm that. If this is expected behaviour, TAC should also file a documentation bug to ensure all of the relevant Admin Guides are updated.

I tested this on ISE 3.3 with Patch 1 with the same condition...

hslai
Cisco Employee

@rezaalikhani Thanks for reporting this. I will do more research on this. Meanwhile, please continue using your workaround.

hslai
Cisco Employee

@rezaalikhani CSCwi62078 filed on this and should be visible after 1 or 2 business days.