Solved: Re: ISE Guest Portal with Self registration and autofill username and passoword

piotrPaszk · ‎02-09-2020

Hello experts,

I am creating Guest Portal with self registration. What I find very ackward is the following.

I am using this pseudo browser from apple to put in username and passord or to register. When I am registered I get an SMS with login and passord via sysman gateway SMTP. On the sucess page I have two options- text me or sing on. At this stage I would like the received credentials to be fill out automaticaly on the loggin page ones I press the sign on on the sucess page i am back to the login page. Is it possible to do it ?

The reason why it would be handy to have such option is because how the apple pseudo browser works. Ones the sms is received and I want to see the credentials the the window dissapers and i have to go over the same logging procedure again.

Any suggestions ?

Thanks

br Piotr

Francesco Molino · ‎02-09-2020

Hi

If you want have you guest automatically logged in without typing in its credentials, on your ise self registration portal, under the section self-registration success settings, check the box "Allow guests to log in directly from the self registration success page".
With that option, when credentials are generated, guest will click on sign on button and they will get the AUP (if you are showing the AUP on your login process.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

piotrPaszk · ‎02-11-2020

Thanks for the answer Francesco :)

That makes much sense. I have tested it and I think this is the most user frendly option with .

I am going to test the other option with captive bypass enable. I believe this option will be more user fredly without automatic sign on from the self registration success page. The disadvantage is that the redirect has to be triggerd manualy and this is what many users struggle with.

I have another question to you about the timers vs duration of the account. Lets say I have set up session timeout to 8 hours on the WLC and duration of the user account is set to 4 hours. I understand that user will not be prompt for credentials within 4 hours but what will hapen if the user logg in again after that. If the user has to start all over again what is the point to use this session time out on wlc with the duration og the guest account ?

View solution in original post

Francesco Molino · ‎02-12-2020

When using a radius, usually you push the session timeout to a user which overrides wlc timers.
If your authorization rule authorize guests based on identity endpoint, which is registered during the guest authentication by default, they won't need to re-authenticate after the 4 hours.
However, if you use the guest flow attribute, this will be set back to false after the 4 hours and they'll need to re-authenticate (if account is still valid) or going through the whole process again (if account is not valid anymore)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎02-09-2020

Hi

If you want have you guest automatically logged in without typing in its credentials, on your ise self registration portal, under the section self-registration success settings, check the box "Allow guests to log in directly from the self registration success page".
With that option, when credentials are generated, guest will click on sign on button and they will get the AUP (if you are showing the AUP on your login process.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

piotrPaszk · ‎02-11-2020

Thanks for the answer Francesco :)

That makes much sense. I have tested it and I think this is the most user frendly option with .

I am going to test the other option with captive bypass enable. I believe this option will be more user fredly without automatic sign on from the self registration success page. The disadvantage is that the redirect has to be triggerd manualy and this is what many users struggle with.

I have another question to you about the timers vs duration of the account. Lets say I have set up session timeout to 8 hours on the WLC and duration of the user account is set to 4 hours. I understand that user will not be prompt for credentials within 4 hours but what will hapen if the user logg in again after that. If the user has to start all over again what is the point to use this session time out on wlc with the duration og the guest account ?

Francesco Molino · ‎02-12-2020

When using a radius, usually you push the session timeout to a user which overrides wlc timers.
If your authorization rule authorize guests based on identity endpoint, which is registered during the guest authentication by default, they won't need to re-authenticate after the 4 hours.
However, if you use the guest flow attribute, this will be set back to false after the 4 hours and they'll need to re-authenticate (if account is still valid) or going through the whole process again (if account is not valid anymore)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question