cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ISE Guest Self-Registration phone number as the username

6649
Views
7
Helpful
25
Comments

ISE Guest Self-Registration phone number as the username

 

The main aim it to authorize guest user by SMS and use his phonenumber as a USERNAME in ISE system.

 

See my doc ISE Guest Web Customization to understand javascript usage

 

Remember this customization is per language, if you want to apply to other languages have to implement under each of them!

 

The final flow is the following:

  • guest user connects to SSID and after opening the browser is redirected to GuestPortal SelfRegistration page;
  • on SelfReg page user is asked to
    • put in his phonenumber
  • after that user clicks Registration button and is redirected to Login page, where he is asked to put in only password (password was generated by ISE and sent to user by SMS).
    • I am working on this piece for now user will have to enter username and password

 

 

The following information will hide the username field, have the user enter there phone number. In the background the system will put the phone as the username

  • Be aware that you’re forcing the user to use the same username so there maybe a collision if the user would try to register with same phone number after account has expired but hasn’t been purged, authorize the endpoint using endpoint groups instead. Create a guest account for 1 day and purge the accounts at 1 day, remember purging happens at 3am or so on the day after its marked for purge. If I register 9am today, my endpoint will be marked to purge 9am next day
  • Recommendation is to set to use authorization based off endpoint group and not the web authentication and set account to expire after 8 hrs purge expired accounts at 1 day and endpoint purge to 2 days (or even 3 days to be safe). If wanting week long access then set account to expire doesn’t matter as long as it happens before the purge..

 

Scripts works for default portals of Cisco ISE.

(For portals created by ISEPB should add a little changes for locators)

 

login - page script (optional content 2)

<script>
    $('input[name="user.username"]').parent().find('label').eq(0).html('Phone number');
    $('.cisco-ise-login-text').prepend("<div class='cisco-ise-form-buttons'><div aria-disabled='false' class='hotspot-btn ui-submit ui-btn ui-shadow ui-btn-corner-all ui-mini ui-btn-inline ui-btn-up-b' data-disabled='false' data-mini='true' data-inline='true' data-theme='b' data-wrapperels='span' data-iconshadow='true' data-shadow='true' data-corners='true'><span class='ui-btn-inner'><span class='ui-btn-text'>Get Access</span></span></div></div>");
    var regBtn = $("#ui_login_self_reg_button").hide();
    $('.hotspot-btn').on('click', function(evt){
        evt.preventDefault();
        regBtn.trigger('click');
    });
</script>

self - reg page (optional content 2)

<script>
    $('input[name="guestUser.fieldValues.ui_user_name"]').parent().hide();
    $('#ui_self_reg_submit_button').on("click", function(evt){
       evt.preventDefault();
       $('input[name="guestUser.fieldValues.ui_user_name"]').val($('input[name="guestUser.fieldValues.ui_phone_number"]').val());
       $('form[name="selfRegForm"]').trigger('submit');
    });
</script>

 

Also here is functionality, if you need user to save his username(phone number) in cookies and autocomplete it for your portal.

 

Script for "Login" page:

 

<script>

var verification = function() {

  var currentUser = $.cookie('user');

  if(currentUser !=null) {

    $('[id="user.username"]').val(currentUser);

  }

}

verification();

</script>

 

Script for "Self-registration" page:

 

<script>

  $('[type="submit"]').on('click', function(){

    var username = $('[name="guestUser.fieldValues.ui_phone_number"]').val();

    $.cookie('user', username, {

      expires : 5    //count of days to expire cookie for user

    })

  });

</script>

Comments
Beginner

Hello, Jason!

About self-reg page (optional content 2) script - maybe to avoid the username collision it is possible to copy information from "guestUser.fieldValues.ui_phone_number" to "guestUser.fieldValues.ui_user_name" and add some random value to it each time the user register its device?

For example, user entered 79997775555 in "guestUser.fieldValues.ui_phone_number" and system copy 79997775555qwe to "guestUser.fieldValues.ui_user_name"

Beginner

Here is another variant of script, which works well.

When user puts in phonenumber 79997775555, system puts the 79997775555_XXXX in Username field, where XXXX is a number between 1000 and 10000.

It is important to allow "_" symbol in ISE Username Guest Policy.

<script>

$('input[name="guestUser.fieldValues.ui_user_name"]').parent().hide();

function randomInteger(min, max) {

    var rand = min + Math.random() * (max + 1 - min);

    rand = Math.floor(rand);

    return rand;

  }

$('#ui_self_reg_submit_button').on('click', function(evt) {

        evt.preventDefault();

        var phoneNumber = $('input[name="guestUser.fieldValues.ui_phone_number"]').val();

        var random = randomInteger(1000, 10000);

        $('input[name="guestUser.fieldValues.ui_user_name"]').val(phoneNumber+'_'+random);

        $('form[name="selfRegForm"]').trigger('submit'); // выполнить отправку формы

    });

</script>

Cisco Employee

I think we were working offline but you never got ahold of me. This is working but you're looking for something to extend the uniqueness of the script though. Lets work offline and come up with a solution

Beginner

This seems like a solution that is a perfect match for my needs :-)

I'm trying this on ISE 2.2 - is it supposed to work?

The "Get Access " button is not working....

Cisco Employee

It should work on the different releases.

Beginner

Is it easy for you to verify this?

Also did you find a way of putting the phone nr automatically as username leaving the user only having to enter password?

Cisco Employee

I assume you're talking about setting the phone number as the username when they try to login to the portal? No its not something we have, this would require it to be cached in a cookie I would believe. And is a separate discussion

I haven't had time to verify as I tied up on other project. Have you tried different browser? Perhaps you are blocking javascript?

Cisco Employee

Could you try please, that one script for login page?

<script>

    $('input[name="user.username"]').parent().find('label').eq(0).html('Phone number');

    $('.cisco-ise-login-text').prepend("<div class='cisco-ise-form-buttons'><div aria-disabled='false' class='hotspot-b tn ui-submit ui-btn ui-shadow ui-btn-corner-all ui-mini ui-btn-inline ui-btn-up-b' data-disabled='false' data-mini='tr ue' data-inline='true' data-theme='b' data-wrapperels='span' data-iconshadow='true' data-shadow='true' data-corners='t rue'><span class='ui-btn-inner'><span class='ui-btn-text'>Get Access</span></span></div></div>");

    $("#ui_login_self_reg_button").hide();

    $('.cisco-ise-scriptable .cisco-ise-form-buttons:nth-child(1) .ui-btn-inner').on('click', function(evt){

        evt.preventDefault();

        $('#ui_login_self_reg_button').trigger('click');

    });

</script>

Hi jason,

My customer is looking for the below flow .

The final flow is the following:

  • guest user connects to SSID and after opening the browser is redirected to GuestPortal SelfRegistration page;
  • on SelfReg page user is asked to
    • put in his phonenumber
  • after that user clicks Registration button and is redirected to Login page, where he is asked to put in only password (password was generated by ISE and sent to user by SMS).

Please let me know if this works in ISE 2.2.

Appreciate your support on the config changes.

thanks and Regards

Mujtaba

Cisco Employee

It should be default ISE portal.

Here is a script for "Login" page :

<script>

setTimeout(function(){

var username = localStorage.getItem('usernameValue');

$('.ui-controlgroup-controls div:nth-child(2)').hide();

$('[for="user.username"]').hide();

$('[name="user.username"]').val(username);

}, 200);

</script>

And here is a script for "Self-registration success" page:

<script>

    $('[type="submit"]').on("click", function(evt){

       var username = $('.ui_self_reg_results_username_label .ui-block-b').text();

       $('input[name="guestUser.fieldValues.ui_user_name"]').val(username);

       localStorage.setItem('usernameValue', username)

    });

</script>

Beginner

Hi, Rolf,

Did you get this script to work on ISE 2.2?

I copied the script to a custom portal but it´s not automatically automatically to selfreg page. It redirects first to login page and from there I´m able to access the self reg. But it´s nos accepting mobile number as the username.

Can you give me some feedback implementing this?

Beginner

Hi,

I never got a working solution with mobile number as username and my understanding from reply from Jason was that this still is not a working solution. I ended up using the script that Serhii provided for easy layout where I autogenerate username based on 4 random letters and password based on 4 random numbers. This was the simplest solution that I found with sms selfregistration even though my first choice would have been mobilephone number as username if that was possible.

regards rolf

Cisco Employee

This has worked for others, what release are you using?

Beginner

Hi,

I am now on ISE 2.3, I tried this on ISE 2.2 but I could not get it to work. I suspect that I have misunderstood you - I interpreted that you were still working on a solution ref your text : "I am working on this piece for now user will have to enter username and password"

Can you confirm that this is supposed to work as described also on 2.3? : ""after that user clicks Registration button and is redirected to Login page, where he is asked to put in only password (password was generated by ISE and sent to user by SMS)

regards rolf

Cisco Employee

The solution is for the user to enter their phone number once and this would be used as the username.

The script combines the username and phone number field into one so they don’t have to enter it twice.

There was an option later to add a cookie to fill in the username automatically if coming back to the page.

What is not working for you?