cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

5103
Views
20
Helpful
3
Replies
albertofdez
Beginner

Change URL redirect in Cisco ISE 2.1.0 Guest Portal CWA

Hi,

I have set up a Guest Portal CWA with WLC 5508 8.0.133.0 and ISE 2.1.0.

I have made all the rules in both Authenticatin and Authorization, and I also see the clients hitting the right rules. The Authorizaton rule redirects the client to a captive web portal within ISE like this: cisco-av-pair = url-redirect=https://ip:port/portal/gateway?sessionId=SessionIdValue&portal=d30c7eb0-41e0-11e6-a7c7-0050569e27a1&daysToExpiry=value&action=cwa

I have 3 different guests portals for each SSID and everything works fine.

The problem is that, when the wireless guest receives the redictect URL from ISE (URL to access the ISE Guest Portal), this URL is based on the ISE DNS name, not on its IP address. The FQDN of my ISE is iselab01.example.local and the certificate showing the guest portal domain is for example.local.

Now I have been asked to create a new guest portal but this time I have the certificate belongs to the example.org domain and need redirection to this new guest portal use this new domain.

I have tried to code, in the CWA Authorization profile, the equivalent URL redirect via the CISCO av-pair as follows :

cisco-av-pair = url-redirect=https://iselab01.example.org:8443/portal/gateway?sessionId=SessionIdValue&portal=d30c7eb0-41e0-11e6-a7c7-0050569e27a1&daysToExpiry=value&action=cwa

but, it does not work, since the sessionIdValue is not replaced by its real value when sent to the wireless client.

Is it possible to change the redirect URL from ISE somewhere just for some guest portal?

Best regards

1 ACCEPTED SOLUTION

Accepted Solutions
jan.nielsen
Rising star

Just use the automatic CWA setting in the authz profile, instead of entering the cisco-av-pair yourself, you will find that you can change the fqdn portion of the url, so the sessionid is kept intact.

View solution in original post

3 REPLIES 3
jan.nielsen
Rising star

Just use the automatic CWA setting in the authz profile, instead of entering the cisco-av-pair yourself, you will find that you can change the fqdn portion of the url, so the sessionid is kept intact.

View solution in original post

Hi Jan,

Thank you very much for your help, I had found and was about to try if it worked well.

Thanks again for your quick response.

Best regards

cheicknacamara14
Beginner

salut c, au faite j'aimerais savoir comment vous avez fait pour configurer votre wlc et l'ise car je n'arrive toujours pas a commuquer mon wlc 9800 a l'ise

Crear
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (35%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel