cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7678
Views
5
Helpful
9
Replies

ISE 2.3- Sponsor portal not accessible

mdjan
Level 1
Level 1

Dear Team,

 

Since this monday, we are unable to access the sponsor portal. It seems that the port 9002 is not working.

Also when we try to display the ports on CLI, we get internal error. See the captures.

9 Replies 9

ajc
Level 7
Level 7

Go to your sponsor portal page, click on the PORTAL TEST URL and post the results including the URL on your browser. (see screenshots).

 

The default 2.3 ISE URL for Sponsor portal is giving me a different port based on page configuration (see screenshots next).

 

https://IP:8445/sponsorportal/PortalSetup.action?portal=f10871e0-7159-11e7-a355-005056aba474

 

portals.pngportals1.png

 

 

 

ajc
Level 7
Level 7

The sponsor portal is the combination of the FQDN and HTTPS port indicated below. What is your configuration?

 

portals2.png

 

 

Dear Abraham Camacho,

 

It is the same configuration. When you want to access the portal from the server directly you use the 9002 port based on the configuration guide.

The port 8445 is only used when you have a FQDN for the sponsor portal.

You are not answering to my questions:

 

-Post your sponsor portal configuration including the FQDN value (no matter if it is blank).

-Click on the TEST URL of your sponsor portal. (I am not sure if you are using the ISE Default Sponsor Portal or configured a customized one).

-Check that sponsor  portal URL on your dns is pointing to the PSN's NOT the Primary/Secondary PAN.

 

By default Sponsor portal uses 8445 on version 2.3 as you saw in the screenshot.

 

thanks

ajc
Level 7
Level 7

On my 2.2 deployment, the sponsor portal URL is the FQDN value indicated in the Sponsor Portal page (see previous screenshot). ISE translates that FQDN into something like this:

 

https://sponsor.DOMAIN:8443/sponsorportal/PortalSetup.action?portal=a30e8080-804a-11e5-badb-74a2e6a33e00

 

My DNS server resolves the Sponsor Portal URL into the F5 VIP IP so I can load balance all the Sponsor Portal request to any PSN. (another option like Round Robin DNS probably works when LB is not being used)

 

 

 

 

 

 

 

There are  two way to access the sponsor admin portal based on what I learnt.

The sponsor admin portal with port 8443 will ask a username and password before to access. 

The sponsor admin portal with port 9002 will not ask a username and password before to access.

 

We solve the issue after we restart many time the service.

You are right, there are 2 mechanisms to access Sponsor Portal. One from Primary PAN which displays in a parallel browser opened the URL link you mentioned. That happens when you click on the MANAGE ACCOUNTS BUTTON (The detail with that link is that you are actually LOGGED IN the Primary PAN so I would expect a failure like the one you experienced again because this link still involves a login process based on my understanding which does not happen if you try to access sponsor portal directly using the URL). See screenshots next.

 

https://ISE.DOMAIN:9002/sponsoradminportal/SponsorAdminLogin.action

 sponsor3.pngsponsor4.png

 

I consider the proper way to access Sponsor Portal is using the corresponding Portal on port 8443 (login required) with the proper FQDN configuration as I mentioned in the previous notes because that is a regular flow on ISE.

 

 

 

 

Okay, I get your view.

I will try to configure the access via the port 8443. If you have a configuration guide about this point, can you share to me.

As I try to do it but, not working. I have to associate the identity group for the sponsor portal.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: