Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3154
Views
0
Helpful
2
Replies

Which feature exactly we loose when Guest Originating URL not supported

Go to solution
engahmedsaied
Level 1
Level 1

‎01-28-2018 12:32 PM - edited ‎02-21-2020 10:44 AM

Hello,

 

In certain WLCs with ISE compatibility we see that Guest Originating URL is not supported but guest is supported

Guest

RADIUS CoA, URL Redirection + SessionID, Local Web Auth

Guest Originating URL

RADIUS CoA, URL Redirection + SessionID, Local Web Auth

 

just to confirm which we will loose if our WLC doesn't support Guest Originating URL

 

"Guest user is not redirect back to the original URL"  only this if we understand correct ? or something more we can loose ?!

Thanks.

9 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-27-2020 08:56 PM

Found  ISE 2.6 Admin Guide > Authentication Success Settings for Guest Portals by searching "cisco Guest Originating URL" :

Originating URL

After successfully authenticating to the network, redirect the user’s browser to the original website that the user is trying to access, if available. If not available, the Authentication Success page displays. Make sure that the redirect URL is allowed to work on port 8443 of the PSN by the access-control list on the NAD and by authorization profiles configured in ISE for that NAD.

For Windows, MAC and Android devices, control is given to the Self-Provisioning Wizard app, which does provisioning. Therefore, these devices are not redirected to the originating URL. However, iOS (dot1X) and unsupported devices (that are allowed network access) are redirected to this URL.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
emerson.albuquerque1
Level 1
Level 1

‎09-24-2020 10:54 AM

Hello all,

 

I found this link about Web Authentication Redirection to Original URL Overview.

I believe it will help us.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ibns/configuration/15-e/ibns-15-e-book/ibns-webauth-origin-url.html#concept_1C6F778806A94FBBBD14A45C7D7C4372

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-27-2020 08:56 PM

Found  ISE 2.6 Admin Guide > Authentication Success Settings for Guest Portals by searching "cisco Guest Originating URL" :

Originating URL

After successfully authenticating to the network, redirect the user’s browser to the original website that the user is trying to access, if available. If not available, the Authentication Success page displays. Make sure that the redirect URL is allowed to work on port 8443 of the PSN by the access-control list on the NAD and by authorization profiles configured in ISE for that NAD.

For Windows, MAC and Android devices, control is given to the Self-Provisioning Wizard app, which does provisioning. Therefore, these devices are not redirected to the originating URL. However, iOS (dot1X) and unsupported devices (that are allowed network access) are redirected to this URL.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents