cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ISE Guest Self-Registration phone number as the username

6602
Views
7
Helpful
25
Comments

ISE Guest Self-Registration phone number as the username

 

The main aim it to authorize guest user by SMS and use his phonenumber as a USERNAME in ISE system.

 

See my doc ISE Guest Web Customization to understand javascript usage

 

Remember this customization is per language, if you want to apply to other languages have to implement under each of them!

 

The final flow is the following:

  • guest user connects to SSID and after opening the browser is redirected to GuestPortal SelfRegistration page;
  • on SelfReg page user is asked to
    • put in his phonenumber
  • after that user clicks Registration button and is redirected to Login page, where he is asked to put in only password (password was generated by ISE and sent to user by SMS).
    • I am working on this piece for now user will have to enter username and password

 

 

The following information will hide the username field, have the user enter there phone number. In the background the system will put the phone as the username

  • Be aware that you’re forcing the user to use the same username so there maybe a collision if the user would try to register with same phone number after account has expired but hasn’t been purged, authorize the endpoint using endpoint groups instead. Create a guest account for 1 day and purge the accounts at 1 day, remember purging happens at 3am or so on the day after its marked for purge. If I register 9am today, my endpoint will be marked to purge 9am next day
  • Recommendation is to set to use authorization based off endpoint group and not the web authentication and set account to expire after 8 hrs purge expired accounts at 1 day and endpoint purge to 2 days (or even 3 days to be safe). If wanting week long access then set account to expire doesn’t matter as long as it happens before the purge..

 

Scripts works for default portals of Cisco ISE.

(For portals created by ISEPB should add a little changes for locators)

 

login - page script (optional content 2)

<script>
    $('input[name="user.username"]').parent().find('label').eq(0).html('Phone number');
    $('.cisco-ise-login-text').prepend("<div class='cisco-ise-form-buttons'><div aria-disabled='false' class='hotspot-btn ui-submit ui-btn ui-shadow ui-btn-corner-all ui-mini ui-btn-inline ui-btn-up-b' data-disabled='false' data-mini='true' data-inline='true' data-theme='b' data-wrapperels='span' data-iconshadow='true' data-shadow='true' data-corners='true'><span class='ui-btn-inner'><span class='ui-btn-text'>Get Access</span></span></div></div>");
    var regBtn = $("#ui_login_self_reg_button").hide();
    $('.hotspot-btn').on('click', function(evt){
        evt.preventDefault();
        regBtn.trigger('click');
    });
</script>

self - reg page (optional content 2)

<script>
    $('input[name="guestUser.fieldValues.ui_user_name"]').parent().hide();
    $('#ui_self_reg_submit_button').on("click", function(evt){
       evt.preventDefault();
       $('input[name="guestUser.fieldValues.ui_user_name"]').val($('input[name="guestUser.fieldValues.ui_phone_number"]').val());
       $('form[name="selfRegForm"]').trigger('submit');
    });
</script>

 

Also here is functionality, if you need user to save his username(phone number) in cookies and autocomplete it for your portal.

 

Script for "Login" page:

 

<script>

var verification = function() {

  var currentUser = $.cookie('user');

  if(currentUser !=null) {

    $('[id="user.username"]').val(currentUser);

  }

}

verification();

</script>

 

Script for "Self-registration" page:

 

<script>

  $('[type="submit"]').on('click', function(){

    var username = $('[name="guestUser.fieldValues.ui_phone_number"]').val();

    $.cookie('user', username, {

      expires : 5    //count of days to expire cookie for user

    })

  });

</script>

Comments
Beginner

No, I did not get it to work, but I will have another go at this now :-)

As this seem to be a solution that many people is interested in it would be a great feature request/enhancement to have this as a pre-configured template in future releases of ISE.

regards rolf

Cisco Employee

Yes we have it on the list.

Beginner

Please confirm my understanding of the expected behavior:

- user is automatically redirected to the selfreg page, not the login page. There he can inform his phone number.

- phone number is "copied" to username and sent do user (via SMS in my case)

- User can login using phone number and the password sent to login.

Cisco Employee

Hi Juliano,

Functionality of script for Login page:

1. Create new custom button "Get Access". (with default Cisco ISE styles)

2. Hide default link "Don't have an account?"

3. Set label "Phone number" instead of "Username"

4. Also there is an event on click for created button "Get Access".

(This functionality works only for default Cisco ISE portals).

Also if you are using custom portals, you should add timeout.

You are correct with 2 and 3 paragraphs.

Thanks.

Beginner

For custom portal you mean a set of pages created in a tool outside ISE (like ISE Portal Builder)? I´m using an ISE built in portal copied from default Self Registered Guest Portal. Is timeout needed in this case?

Cisco Employee

Yea, If you are using ISEPB, even default Cisco ISE template, you should to use timeout in script.

Beginner

Hi Jason. I have a problem with your script. When guest try to register with the phone number at second time (user with this number alredy exist), I have a massage that user alredy exist, but then if I try to change phone number to new the same error message apear again and guest cant register to new number. Could you help with it?

 

And the second question - is it possible to make a button Resend sms if user alredy exist?

Cisco Employee

@evgeny1 correct. the user can only be registered once. If they try to register again then there will be a conflict. The only way around this is to delete the guest account, create an account that is valid for a long time so that people won't need to register again, or set your guest accounts to purge frequently so there are no collisions.

 

There is no way to resend SMS.

 

Please reach out via account team for feature enhancement requests.

Beginner

Hello! Can you help me. I'm trying to configure authorization by phone number. I added scripts, but ISE still generate username form first and last names.

Cisco Employee
Please start new thread