ISE guest portal FQDN

sefedoro
Level 1

Is it possible to create a guest portal FQDN?

I will try to explain.

Requirements:

1) The WiFi network must be secured with L2 security (WPA2-Enterprise, PEAP), not L3 or web redirection.

2) WiFi users must use a separate external authority (AD or LDAP, not enterprise and not ISE local).

3) There is no need to manage personal devices.

4) WiFi users must have the ability to change their password from an intranet portal which can be accessed with an FQDN.

There is no problem with requirements 1-3, but there seems to be no chance to create a portal only for changing a user's password. These requirements are linked with the issue "mobile devices do not provide the ability to change the password" if ISE sends a request to change it (tested on iPhone, Android and Windows Mobile with Active Directory).

Accepted Solutions

waynesymes
Level 1

Hi Sefedoro,

ISE 1.3 does support FQDN use with Guest portals. This can be defined in the Authorization profile that specifies the CWA portal. However, this Guest Portal FQDN can only be accessed by clients with sessions active in the guest flow process. Also, password change via the Guest portal is supported for internal ISE Guest accounts and not AD accounts. Once network connectivity is established by a Windows client via WPA2-Enterprise, a user can change their password via the Ctrl-Alt-Delete -> Change password option. If you are using User Authentication or User or Computer Authentication in the supplicant, I would test this process on a couple of different Windows builds. The OS and supplicant should automatically pick up the password change. If you use an intranet portal intermediary, the user will have to log off and back on to the laptop with the new credentials. Using Machine (computer only) authentication will avoid these issues.
