Solved: No the portal builder option

James Rule · ‎11-11-2015

HI All,

I am deploying ISE 1.4 for a customer, doing central web authentication for a guest wireless network. Guest access is working fine, however the customer has asked me to prevent users from saving usernames and passwords in the browser.

I can't see anywhere to prevent this throught the ISE GUI which leads me to think that we will need to modify the portal HTML.

For ISE 1.2, Cisco provide documentation and code to do this at the following URL:

http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-42-Customize_ISE12_Web_Portals.pdf

These instructions don't work for ISE 1.4 as the Guest Access menus have all changed. In particular, the only advanced customisation that seems to be available is to download a CSS file from the ISE customise it and the upload it to the ISE.

From my limited HTML knowledge, customising the CSS file only allows me to change the look of the portal, not the functionality.

Does anyone know if it's possible to cut custom HTML and install it on ISE 1.4? Looking through the release notes, this was removed in ISE 1.3 when they redid the Guest portal menuss.

Thanks

James

Jason Kunst · ‎12-07-2015

(function(){

jQuery("input[name='user.password']").attr('type', 'text');

})();

</script>

View solution in original post

kurmai · ‎11-12-2015

I did a quick research and it seems like even with regular HTML with javascript there's no easy way to prevent browsers from offering to save the password. Check out this discussion:

http://stackoverflow.com/questions/23177225/how-do-i-disable-the-save-password-bubble-in-chrome-using-javascript

It does mention a workaround which is to use regular text type for the password field, and then use a css to mask it, but I don't see a way to modify that part of the portal HTML.

James Rule · ‎11-12-2015

Thanks for that, some more research shows that all mainstream browsers now ignore the autocomplete=off HTML tag which prevents local password save. The Guest Portal HTML contains this tag, but is now has no effect.

The links you provided show some workarounds, but these require modification to the Guest Portal HTML which doesn't seem to be possible in ISE 1.4

I've now opened a TAC case to see what's possible and will post the outcome here.

Jason Kunst · ‎12-02-2015

How about this? This would be put on the login page under Optional Content 2

See info on how to put javascript on the page in our design guide site

Guest and Web Authentication
ISE Web Portal Customization Options (PDF - 2 MB)

<div class="cisco-ise-optional-content-2" id="ui_login_optional_content_2">
        <script>
(function(){
   jQuery(document).ready(function() {
   jQuery("[name='user.password']").removeAttr("autocomplete");
   jQuery("[name='user.username']").removeAttr("autocomplete");

   });
})();
</script>

James Rule · ‎12-02-2015

HI Jason,

Thanks for that. I tried adding the script into the Optional Content 2 field, but it doesn't seem to have done anything. I've attached the html code I get when I go to the portal test URL. I've only tested with Firefox, but it is definitely still prompting me to save the password.

Lookign at the portal builder it has an option to enable and disable password caching. Could this be the answer I am lookign for? I haven't been able to test this as the portal upload tool isn't working properly for me.

Cheers

James

Jason Kunst · ‎12-02-2015

No the portal builder option is something different. Its not recommend to use the portal builder for anything besides major layout changes where needed

did you make sure you followed the instructions in the how-to guide for working with JavaScript? Specifically on how to set ISE to allow the use of it?

James Rule · ‎12-06-2015

Hi Jason,

I enabled HTML and JavaScript portal customisation as per your document, which is working, and I can do the example exercise 1 from the document, which works fine.

If I past the script you supplied in, it seems to have no effect, and Firefox still prompts me to save the password.

One option that was put to me was to change the type of the password field to text which would stop browsers from prompting to save the password. The downside of this is that the password would be visibile while typing it it, but this is something that the customer would be OK with. Is it possible to do something like this using JavaScript?

Cheers

James

Jason Kunst · ‎12-07-2015

(function(){

jQuery("input[name='user.password']").attr('type', 'text');

})();

</script>

James Rule · ‎12-07-2015

Hi Jason,

Thanks for that, it worked perfectly.

Cheers

James

Jason Kunst · ‎12-22-2015

It looks like not all browsers get this autocomplete=“off” thing.

The easiest way to do that is to change input type from password to text. See my other suggestions

ISE 1.4 Guest Portal Customisation - Prevent users from saving passwords in browser