Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1891
Views
1
Helpful
7
Replies

Sponsor Portal - HTTP to HTTPS Redirect

Go to solution
Scott Gillies
Level 1
Level 1

‎01-08-2018 09:06 AM

Hi

Happy New Year.

Is it possible to configure ISE to redirect a HTTP request to the Sponsor Portal to the equivalent HTTPS?

I.E. if the sponsor types in the http address it gets redirected to the correct https address.

E.G. redirect http://sponsor.mycompany.com to https://sponsor.mycompany.com

Many thanks

1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Scott Gillies

‎01-08-2018 10:26 AM

Not sure what setup you’re referring to. It works just fine. There is no special setting needed. ISE does the redirect. I just tried it.

Are they perhaps blocking port 80 access to that IP?

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎01-08-2018 09:18 AM

Have you setup the sponsor portal settings for the fqdn?

Does https://sponsor.domain.com work

I am pretty sure http would work if it’s setup

0 Helpful

Go to solution
Scott Gillies
Level 1
Level 1
In response to Jason Kunst

‎01-08-2018 10:03 AM

Have you setup the sponsor portal settings for the fqdn? yes

Does https://sponsor.domain.com work? yes

HTTP is not setup but I have been told that you can setup the ISE to redirect an HTTP request to the equivalent HTTP. Would you know if this is correct? And how?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Scott Gillies

‎01-08-2018 10:26 AM

Not sure what setup you’re referring to. It works just fine. There is no special setting needed. ISE does the redirect. I just tried it.

Are they perhaps blocking port 80 access to that IP?

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to Jason Kunst

‎01-10-2018 02:39 PM

You have a few challenges here.  If your sponsor portal is running on a different cert than the admin cert you may have SSL issues if you start out https://sponsor.domain.com.  That will go to the SSL cert used by admin, then get redirected to the FQDN you said.  The connection to the admin cert may cause a SSL warning.

If you go to http://sponsor.domain.com you should get a clean redirection to the sponsor portal with no cert warning, except browsers like Chrome always go to SSL if they can and they will change to https://sponsor.domain.com even if you don't want it to.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to paul

‎01-10-2018 03:17 PM

ISE 2.2 is enforcing HTTP Strict Transport Security so that the sponsors might get certificate warnings even with HTTP redirects. FYI.

0 Helpful

Go to solution
Scott Gillies
Level 1
Level 1
In response to paul

‎01-11-2018 09:09 AM

Thanks very much for your response. It has confirmed what I thought.

Is there any reason I should not tag the sponsor portal as "Admin" then?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Scott Gillies

‎01-11-2018 11:44 AM

Some customers prefer separate certificates that are admin only from that are end-user facing.

Due to HTTP Strict Transport Security, if the deployment is ISE 2.2+, we need the cert used by admin able to match the sponsor portal FQDN so to be used by the sponsors with the friendly FQDN and without cert warning.

0 Helpful
Customers Also Viewed These Support Documents