09-05-2018 07:54 AM
Has anyone had any experience with binding two portals into one guest portal using javascript and faced issues on iPad/iPhone,MAC ?
I have embedded the below script into the landing captive portal page which is a self registration guest portal.
There is a button embedded which when clicked redirects the user to a separate guest portal where users can authenticate using their AD credentials - kind of BYOD.
Initially the second portal which runs the BYOD guest portal ran on port 8455. If we make a change to move the second port to 8443 then that button does not work as expected eventually rendering it not-clickable. Windows work fine.
We are trying to troubleshoot at the browser level using developer tools but found no luck. It looks like the iOS does not like changing ports too often due to security reasons etc. Its seen on Apple CNA, Safari and Chrome. Sometimes after rebooting, clearing cache issue goes away but comes back again.
If anyone experienced such behaviour I would appreciate some pointers or info on it.
Thanks
<script> jQuery(window).ready(function() { var hostname = window.location.hostname; var WebSessionId = window.location.href.substr(window.location.href.search("\\?")).split("=")[2]; jQuery('.cisco-ise-body').append(' <center><a href="https://'+hostname+':8445/portal/PortalSetup.action?portal=bcdac262-a4b1-11e8-a7e6-0050569e539f&sessionId='+WebSessionId+'&action=cwa" style="color: rgb(0,255,0)"><font color="212121"><button type="submit"> Employee Login</button></font></a></center>'); }); </script><br _moz_editor_bogus_node="TRUE" />
Solved! Go to Solution.
09-06-2018 11:30 AM
09-07-2018 08:18 AM
Our scripting expert said the issue was investigated before & the result came back as Apple browser doesn't like port change. You may have to avoid port change & workaround.
- Krish
09-06-2018 05:00 AM
Did you check out this link:
Although, I saw at the bottom of the original thread someone said there was a problem with iPhones.
Do you really need to send the AD users through a BYOD flow though? Natively, the self-registration portal support AD login and the AD users are mapped to their own guest type. So you have control of exactly what endpoint identity group their MACs get put into and how often you purge that group.
09-06-2018 11:14 AM
Of course the obvious questions - Why was the port changed? Can you stick with what works? I have come up empty so far as to what is the reason, as ISE doesn't really care what port is used. You need to base your decision on what works in your environment. I have requested our scripting expert to take a look. Stay tuned.
09-06-2018 11:31 AM
09-06-2018 02:16 PM - edited 09-06-2018 02:20 PM
So we had a setup like below when I first came in.
Guest Portal - 8443
BYOD portal linked to Guest Portal - 8445
Sponsor Portal - 8445
All had same cert group - guest.
Now sponsor portal needed a separate port because it needs a separate cert as guest cert was lacking sponsor FQDN in its SAN. I guess ISE has a limitation of not allowing different certs to portals running on same ports.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva84197/?rfs=iqvred
Hence we needed to segregate the ports so that sponsor and guest portals each have their owns separate cert.
Yesterday we reverted the changes and moved BYOD portal back to 8445 and moved Sponsor portal to 8446 and is everything is working as expected. We maybe needed to improve the javascript.
Somehow Apple devices did not like the change any other port other than 8445 for BYOD.
09-06-2018 11:30 AM
09-06-2018 02:06 PM
09-06-2018 02:08 PM
09-06-2018 02:11 PM
09-06-2018 02:33 PM
09-07-2018 08:18 AM
Our scripting expert said the issue was investigated before & the result came back as Apple browser doesn't like port change. You may have to avoid port change & workaround.
- Krish
09-10-2018 07:10 AM
Thanks - sorry for late response. I am not getting email notification for responses on this thread.
That's what we thought that Apple does not like port changes.
Was your scripting expert able to find any documentation or guideline from Apple regarding this ?
09-10-2018 08:10 AM
No. This was investigated a year ago.
- Krish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide