Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3334
Views
5
Helpful
0
Comments

Combining Sponsored Guest Portal and Hotspot Portal into one

Arne Bier
VIP
VIP

‎06-19-2019 04:26 AM - edited ‎06-19-2019 02:51 PM

Portal Flow Overview:

Imagine you wanted to combine a Sponsored Guest and Hotspot portal from a single landing page - this document shows you how to achieve a portal flow as shown below:

 

ISE SponsorHotspot ScreenflowsDrawing1.png

 

 

Details:

ISE offers various types of guest portal types (Sponsored, Self-Registered and Hotspot) and for many customer use cases these work just fine out of the box. 

 

But there may be times when your customers want to have more than one Portal type on the same SSID/Guest VLAN.  ISE does not have a concept of a landing page that allows us to jump off to various types of Portals.  This might be something in future but for now (ISE 2.6) this does not exist. 

 

There are folks who have posted solutions about linking Portal types to one another using JQuery and these solutions might work for some.  But there are limitations when using custom scripts in Login portals because the Apple CNA (Captive Network Assistant) doesn't like that.  Apple iOS is very popular and we want guest portals to auto-magically appear.  Turning that feature off and asking users to open Safari is not an option for me.  Other limitations might include making the solution highly available if you don't have a single VIP to refer to - hard coding FQDN/IPs into JQuery is not my idea of fun.  Apart from the fact that I am not a web developer - you might have better luck over on DevNet if that is your thing,

 

I am proposing a no-coding solution that fits a particular use-case that might be useful to others.  The use case is this:

  • Customer provides a single Guest WiFi SSID (but could apply to wired as well - I am focusing on Wi-Fi)
  • Customer provides a click-through hotspot for 1 day internet surfing
  • The same portal also allows Sponsored Guests to login and get access for longer periods of time.  Sponsored accounts are provided to visitors via out of band means (e.g. handed to the guest on arrival or in advance via email etc.) - typical Sponsored Guest stuff.

 

Start off by creating a new Self-Registered Guest Portal

 

1.portal type.PNG

 

Then give the Portal a name and description and click Save

2 Name.PNG

 

The rest of the settings are left as default unless I specifically mention to change them, and also changing them is significant.

 

The Login Page Settings are left as default as shown below - the key thing is that there is an option to allow guests to create their own account.  But as you will see later, guests cannot create their own accounts because we will hide all the fields (except for the email address).  

3 Login Page.PNG

 

Then modify the  Registration Form Settings

 

4 Reg page 1.png

4 Reg page 2.png

In the Self-Registration Success Settings you need to select at least one field to display.  Don't worry - ISE won't display these to the user.  But you have to do this anyway to satisfy the Portal creation process.

4 Reg page 3.png

Ensure that you hide the Post Login banner.

5 Post login.png

That's the end of the mandatory settings.  You can tweak the other settings but do them one at a time.  I found that ISE was very fussy about which settings allowed this to work.  Your mileage may vary ...

 

Now move on to the Portal Page Customisation - in this section we mainly change some text to offer more explanation to the user what certain buttons do, and what the Username/Password is for.  Recall that, some users will expect to land on a simple hotspot portal and wonder what the username/password is for - you can think of other descriptive ways to explain this.  My wording is shown below

 

 

 

6 Portal Customisation.png

 

In the Login sub-tab enter some meaningful instructional text as show below

 

 

7 Portal Customisation -LOGIN .png

 

 

 

 

 

In the Self Registration Form sub-Tab edit the button text that used to say "register" - and replace it with something more meaningful like "Click here for internet".

 

10 - reg page.png

 

8 Portal Customisation -self reg.png

 

That's it!

What should it look like?

The landing portal page looks like this:

 

1.png

 

You can either sign in with the sponsor provided creds (e.g. john@email.com as shown above) and be granted internet for the number of days as designated by the Guest Type chosen (I have not covered the Sponsored Guest part here - there are many references available that talk about that)

 

And on the same landing page you can click on the link "GET INSTANT INTERNET ACCESS" which will display this page that looks like a hotspot

2.png

 

The CONNECT NOW button is disabled until you click on the AUP checkbox.  The email address is optional at all times. As soon as you click CONNECT NOW, you will be redirected to  google (or whatever else you like).

 

Let me know if you have any comments or suggestions to improve this

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents