02-22-2023 10:31 PM - edited 02-22-2023 11:13 PM
i have implement webauth portal for client with email consent enabled. but different devices response to page differently. some devices no issues with the page some dont get the first homepage to enter email id and some get page and after entering it wont show success paage. some of them get the success page with ok button. some people even after clicking ok button it wont respond. may I know the reason for these?
Can any body share step by step procedure for webauth portal for email consent. not need of entering credentials
WLC model - C9800-L-C-K9 (Cisco Catalyst 9800-L Wireless Controller )
Version - 17.3.4c
02-22-2023 11:08 PM
what device working what device not working, can you give more information of end device ?
since you did not mentioned what WLC, I take it as new Cat 9800 check below configuration guide can help you and customize:
02-22-2023 11:39 PM - edited 02-22-2023 11:40 PM
i have updated the details that i missed in main topic
WLC model - C9800-L-C-K9 (Cisco Catalyst 9800-L Wireless Controller )
Version - 17.3.4c
the link that you provided i already referred. im looking for workable step by step procedure for email consent web portal.
02-22-2023 11:55 PM
The URL provided a workable solution and worked when we tested, not artificially created.
Since you have a different issue not normal and also we do not what devices working and what not working, what you have done testing and debugging, what was your observation, it's hard to tell you what is the issue here.
As long as the steps follow, this works as expected, some setups are complex, especially routing and other stuff, where the redirect web portal is hosted.
So you need to debug related to your issue, or contact TACT
02-23-2023 01:22 AM - edited 02-23-2023 01:23 AM
The link you provided is not related to email consent web portal.. its for web authentication portal.
Is there any step by step guide for email consent web portal.
Devices connecting are android, iphone and windows machines.
02-24-2023 05:24 AM
Start by updating your IOS-XE as per TAC recommended link below.
Remember many problems with portals are caused by not using proper public certificates which match the FQDN (domain name) of your portal with corresponding DNS for that domain. If you're trying to do it with self-signed certificates then you're just wasting your time and your users' time. If you use private certificates then they'll only work if you can configure trust of your private CA on every device.
02-24-2023 11:56 PM
I didnt understand you are pointing out. yes. currently we aer using self signed certificate. we are not using any FQDN in this environment.
In my case authentication type im using is local web authentication. its using internal default html pages. the ype of web authentication is consent or web passthrough. so how certificate will play in this case? please let me know if im missing something.
02-25-2023 07:47 AM
Any https page which must be displayed on a device uses a certificate.
The device must be able to trust the CA and intermediate that issue that certificate in order to display the page and content securely.
Modern devices and browsers mostly won't display the page and/or content (or sometimes only after dire security warnings and disclaimers) if they cannot trust the certifcate and that's why self signed certificates and using IP addresses instead of domain names causes problems.
If you insist on using self signed then you will have problems and you'll need to accept that (yes - the users will hate you for the rubbish service).
If you want it all to work properly then do it properly.
02-25-2023 05:28 PM
02-25-2023 05:52 PM
Correct - guest devices will not trust the internal CA certificate.
02-25-2023 06:55 PM
02-25-2023 07:39 PM - edited 02-25-2023 07:40 PM
As long as you load the full cert chain it should send the intermediate to the device (with the server cert) then as long as the device trusts the root the intermediate should be fine so new intermediate should not cause any problems.
02-25-2023 10:52 PM - edited 02-25-2023 11:21 PM
sure. as per your advice ill consider public signed certificate. if they have existing wild card certificate can we use it in this case?
02-26-2023 03:15 PM
I haven't tried wildcard myself but yes, in theory, that should work too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide