Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
785
Views
0
Helpful
5
Replies

ISE identity-based CWA login success page

RichardAtkin
Level 3
Level 3

‎09-11-2017 11:58 AM - edited ‎02-21-2020 10:33 AM

Hi,

 

I'm doing CWA on ISE with an AD back end.

 

Is it possible to send successfully authenticated Users off to a different login-success page based on some aspect of their identity, whether that be a domain element in the username and/or by evaluating AD group membership?  You used to be able to do this with some jiggery pokery on old versions of ISE, but I think it was more of an exploit than a feature.

 

For example, if "HR Person", send browser to HR.mycompany.com but if "IT Person", send browser to "IT.mycompany.com?

 

Configuring the client device is not an option; this all needs doing by the infrastructure.

 

Any ideas much appreciated!

 

Thanks,

Richard

Labels:
0 Helpful
5 Replies 5

Francesco Molino
VIP Alumni
VIP Alumni

‎09-17-2017 07:17 PM

Hi 

 

You can't do that In a standard way. 

I've never done that before. But quite sure that you can add a JavaScript into the success page and redirect the url based on some criteria.

 

What I'm not sure is if with JavaScript you can get the ad group membership. 

 

I had in the past a pdf with all JavaScript capabilities but having hard time to found it back. 

 

If I get it I'll post it here. 

 

Sorry to not being so helpful. 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

RichardAtkin
Level 3
Level 3
In response to Francesco Molino

‎09-18-2017 02:30 AM

Hi Francesco,

 

I suspect you're thinking of this?

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010000.html#reference_E2FD225AFDAC4A7B9B1493E1809BEC0B

 

Unfortunately I've been through this already and I don't think it gives enough access to do what I need.

 

Cheers,

Richard

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to RichardAtkin

‎09-18-2017 04:28 AM

No this isn't the documentation i was talking about. It was a JavaScript developer document but for ISE version 1.3.

Anyway, as I said, not sure you can get the ad group membership from JavaScript then what you're asking isn't possible in that way.

Sorry for that

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

RichardAtkin
Level 3
Level 3
In response to Francesco Molino

‎09-18-2017 04:39 AM

There’s this as well, but also not much good tbh ☹
https://communities.cisco.com/docs/DOC-67264
Thanks for looking though – glad it’s not just me that can’t do it! 😊
0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to RichardAtkin

‎09-18-2017 04:50 AM

No this one as well 😀


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents