ISE identity-based CWA login success page

Hi,

I'm doing CWA on ISE with an AD back end.

Is it possible to send successfully authenticated Users off to a different login-success page based on some aspect of their identity, whether that be a domain element in the username and/or by evaluating AD group membership? You used to be able to do this with some jiggery pokery on old versions of ISE, but I think it was more of an exploit than a feature.

For example, if "HR Person", send browser to HR.mycompany.com but if "IT Person", send browser to IT.mycompany.com?

Configuring the client device is not an option; this all needs doing by the infrastructure.

Any ideas much appreciated!

Thanks,

Richard

5 REPLIES

Hi

You can't do that in a standard way.

I've never done that before, but I'm quite sure that you can add JavaScript to the success page and redirect the URL based on some criteria.

What I'm not sure of is whether you can get the AD group membership with JavaScript.

In the past I had a PDF with all the JavaScript capabilities, but I'm having a hard time finding it again.

If I get it I'll post it here.

Sorry for not being so helpful.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco,

I suspect you're thinking of this?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#reference_E2FD225AFDAC4A7B9B1493E1809BEC0B

Unfortunately I've been through this already and I don't think it gives enough access to do what I need.

Cheers,

Richard


No, this isn't the documentation I was talking about. It was a JavaScript developer document, but for ISE version 1.3.

Anyway, as I said, I'm not sure you can get the AD group membership from JavaScript, and then what you're asking isn't possible in that way.

Sorry for that.

Thanks
Francesco

There’s this as well, but also not much good tbh ☹
https://communities.cisco.com/docs/DOC-67264
Thanks for looking though – glad it’s not just me that can’t do it! 😊

No this one as well 😀


Thanks
Francesco