cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1016
Views
5
Helpful
4
Replies
jpujol
Cisco Employee

ISE self-registering Guest portal ; javascript error with ISE 2.4p1 and Chrome

Hi, 

 

For one of my customers, there is a need to change the credentials format when entering the username / password (the customer requires to have a single code instead of the pair of username / password).

 

I shared some javascript code already used at another occasion : 

<script>
$(document).one('pageshow', function() {
   if 
(!(/selfregistrationcancel|selfregistrationsuccess|SELF_REGISTRATION/i).test(document.location.href)) {
     $('#ui_login_self_reg_button').click();
   }
});
portalloginForm.elements["user.password"].value = '0';
portalloginForm.elements["user.password"].style.visibility = 'hidden';
portalloginForm.elements["user.password"].type = 'hidden';

</script>

In case the user enters a wrong credential on an iPhone, he is redirected to the authentication page. 

 

But with Chrome, instead of the error message, the page loops forever.

Could it be an issue with the check which doesn't take in account an error handling and isn't working specifically with Chrome ?  :

!(/selfregistrationcancel|selfregistrationsuccess|SELF_REGISTRATION/i)

I add the page and the error console in Chrome if someone may have an idea ... !

 

Thanks a lot in advance ...

 

Jean-Francois

4 REPLIES 4
RichardAtkin
Participant

ISE already natively supports using just a code instead of a user/pass - why do you need to play with JavaScript?

I think because they might want unique code per user and not a shared key passcode on a hotspot page?
paul
Advocate

No need for crazy java script on this one just creative thinking on how to use ISE.  Jason is going to laugh when he reads this solution, but I just tested this and it works perfectly.

 

If you look at the settings for username generation you can specify how ISE crafts the username.  Select email address and then turn off Alphabetic and Special to none.  Change the minimum and numeric to whatever size passcode you want.  I did 6 in my setup.

 

Now for the password, set it to 4 minimum, turn off Alphabetic and Special and set the numeric to custom with only 1s allowed.  Now your password will always be 1111.  That is trick #1.

 

Now, you set the username to use email address, but you don't want ISE to learn the email address in self-registration.  So you shut off the email address input (the native one) and reuse another field for email input.  I used company name and just renamed the prompt to "Email Address".  Now ISE won't learn the email in the correct variable and will build the username just with 6 numeric numbers.  That is trick #2.

 

Finally, on the login screen you hide the password field, change the username prompt to Passcode and use java script to statically set the password to "1111".  That is trick #3.

 

That should work.

jpujol
Cisco Employee

Hi Paul,

 

the current setup is close to what you described, and I already got it working for another customer with 2.3 and a basic self-registration workflow. 

The difference here are :

- 2.4p1 (not sure of any reason why  there would be a difference)

- in addition to the classical self-reg  workflow, the customer wants to give access to a particular group of users from his AD. 

When users are authentified and in the right group, users are able to complete the registration (get their single “passcode”, enter it in the window, and get accès to the network)

When Android (chrome) users authenticate with a valid AD account, but not from the correct group, the authentication policy succeeds, but not the authorization one and the page loops forever instead of presenting a quick error message and going back to the main portal like with others devices (IOS, Firefox,..)

 

Any chance to understand from ISE internal logs what could be wrong or missing in such a situation ?

 

thanks,

 

jean-francois

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube