03-01-2022 08:42 AM
Hi all,
I have created an hotspot portal with two buttons, one for each type of guests I have, using redirection to self-registering portals with different sponsors and guest types by clicking on the button.
The redirection is working fine.
On the hotspot portal, the endpoint identity group is 'GuestEndPointToLogg'.
On the self-registering portals, I have another endpoint identity group, the default 'GuestEndPoints'.
My authorization rules and results are :
1. Access for guest if (guestflow, and Endpoint Id Group = GuestEndpoints)
2. CWA for web redirection to the hotspot portal
The problem is that I always fall into the redirection rule, never the access, because the endpoints are in the 'GuestEndPointToLogg', and not the GuestEndpoints.
I made the difference of Endpoint groups to allow access only il the guest has successfully logged on.
Thank you in advance for your help !
Deborah
Solved! Go to Solution.
03-05-2022 04:03 PM
You have now shown your actual authorization rules which ultimately determine whether or not users are redirected.
ISE has default authorization policies defined (but disabled) that show you how you can do guest access.
You may duplicate these within your default policy or replicate them in your other policy sets if necessary.
Make sure they are enabled and that they match the correct endpoint groups.
If something is failing with ISE Authorization Rules, you need to look at the ISE Live Logs and understand WHY it is choosing the authorization rule or or a different one.
Please see How to Ask The Community for Help for including the necessary policy and log details for us to understand the EXACT error or mismatch in policy from what you expect. We have no idea what else you have for your policy causing you problems.
03-16-2022 01:43 AM
Hi all,
Thank you for all your answers. My problem was actually that the sessionId attribute was not correctly passed to the next portal, so the endpoint could'nt relate to the right endpoint group.
Deborah
03-03-2022 02:40 PM
Hi @dvul
I am not quite sure I understand the complexity of your use-case. In regular deployments the guest user is in one of two 'states'
That's the standard way that the guest internet access is 'controlled'.
03-05-2022 04:03 PM
You have now shown your actual authorization rules which ultimately determine whether or not users are redirected.
ISE has default authorization policies defined (but disabled) that show you how you can do guest access.
You may duplicate these within your default policy or replicate them in your other policy sets if necessary.
Make sure they are enabled and that they match the correct endpoint groups.
If something is failing with ISE Authorization Rules, you need to look at the ISE Live Logs and understand WHY it is choosing the authorization rule or or a different one.
Please see How to Ask The Community for Help for including the necessary policy and log details for us to understand the EXACT error or mismatch in policy from what you expect. We have no idea what else you have for your policy causing you problems.
03-16-2022 01:43 AM
Hi all,
Thank you for all your answers. My problem was actually that the sessionId attribute was not correctly passed to the next portal, so the endpoint could'nt relate to the right endpoint group.
Deborah
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide