Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
1
Replies

ISE with two CWA portals | Restrict guest users from accessing the contractor portal

SHABEEB KUNHIPOCKER
Level 3
Level 3

‎04-23-2018 02:30 AM - edited ‎02-21-2020 10:54 AM

Hi All,

 

I have a customer having one SSID for guest access and another SSID for contractor access. He needs self registration for guest users and sponsored access for contractors. I implemented two portals for him, one for guest and one for contractor. The setup works fine , but recently we noticed that when a guest user puts his credentials in the contractor portal he is able to get an authentication success page. But when he try to browse he is again redirected to contractor portal. Is there any way that we can get an authentication failed page from the contractor portal when a guest user enters his credentials?. 

Labels:
0 Helpful
1 Reply 1

Octavian Szolga
Level 4
Level 4

‎04-23-2018 04:49 AM

Hi,


A guest would get back to the authentication page because it's in a loop.

I guess your solution would be to add a rule between Contractor_SSID_Redirect and Contractor_SSID_Access that would say something like:

If Contractor_SSID and GuestFlow and Guest_User => Blacklist/BlackholePortal or whatever portal ISE has for Denied Access.

 

Your contractors would not hit this rule because they don't belong to a guest user identity group.

This way your guest users logging in using the contractor portal won't get looped anymore.

 

Thanks,

Octavian

0 Helpful
Customers Also Viewed These Support Documents