cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1281
Views
0
Helpful
3
Replies

Custom error messages in guest / CWA portal

blandrum
Cisco Employee
Cisco Employee

I have a need to return custom error messages to a user when they fail to pass through a CWA portal.  

 

For instance, a user signs in and passes authentication, but doesn't have the proper AD group membership. Want error message to state "you're missing XXXX access".  

 

 

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
You would need to direct them to a custom page built under customer portal files
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#id_34829

if guest_flow and ADgroupX then redirect to authz profile with custom file redirect

Other customization examples under http://cs.co/ise-guest

There is no way dynamically to do this in the portal.

View solution in original post

3 Replies 3

Jason Kunst
Cisco Employee
Cisco Employee
You would need to direct them to a custom page built under customer portal files
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#id_34829

if guest_flow and ADgroupX then redirect to authz profile with custom file redirect

Other customization examples under http://cs.co/ise-guest

There is no way dynamically to do this in the portal.

I'm not sure how ISE will be able to detect the group membership of the user, since this is purely a MAB+CWA authentication.  I'm going to play around in the lab today with it, but are you suggesting they'll hit a "default" portal, which will then dump the user into the guest_flow, re-parse the authz list, then redirect them to a second portal based on their group membership?

the only way to know the group is to have them login to the CWA portal and get a success then you can now key off that since a COA took place authz will know the info. You can say say if guest_flow and AD group.
take a look at the http://cs.co/ise-guest
ISE Guest Access Prescriptive Deployment Guide