Cisco Support Community

ISE no redirect to origin URL after guest login

Hi, is there a possibility to redirect a guest user to the origin URL after he logged in successfully?

Right now the attached file is what the user sees after login.

Thanks!

1 REPLY

ISE no redirect to origin URL after guest login

The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of an external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required because the portal provides features such as device registering and self-provisioning. The flow includes these steps:

  1. The user associates to the web authentication Service Set Identifier (SSID).

  2. The user opens the browser.

  3. The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
  4. The user authenticates on the portal.

  5. The guest portal redirects back to the WLC with the credentials entered.

  6. The WLC authenticates the guest user via RADIUS.

  7. The WLC redirects back to the original URL.

This flow includes several redirections. The new approach is to use central web authentication. This method works with ISE (versions later than 1.1) and WLC (versions later than 7.2). The flow includes these steps:

  1. The user associates to the web authentication SSID, which is in fact open+macfiltering and no layer 3 security.

  2. The user opens the browser.

  3. The WLC redirects to the guest portal.

  4. The user authenticates on the portal.

  5. The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).

  6. The user is prompted to retry the original URL.
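Step 5 of the central web authentication flow in the reply above depends on a RADIUS CoA arriving at the controller on UDP port 1700. The Python below is an added example, not part of the original reply and not Cisco code: it decodes a CoA datagram as laid out in RFC 5176 and checks its authenticator against the shared secret, which is what tells a genuine CoA from a forged or corrupted one when reading a capture. The sample packet, its attribute values (including the Cisco AVPair string) and the secret are constructed assumptions.

```python
import hashlib
import hmac
import struct

CODES = {43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}  # RFC 5176
VENDOR_SPECIFIC, CISCO = 26, 9  # RFC 2865 type 26; IANA enterprise number 9

def parse_radius(packet: bytes) -> dict:
    """Decode header and attributes, rejecting inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with datagram size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("bad vendor attribute length")
            attrs.append((f"vsa:{vendor}:{vtype}", value[6:4 + vlen]))
        else:
            attrs.append((str(atype), value))
        pos += alen
    return {"code": CODES.get(code, str(code)), "id": ident,
            "length": length, "attrs": attrs}

def authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """RFC 5176 check: MD5(header + 16 zero bytes + attributes + secret)."""
    length = parse_radius(packet)["length"]  # raises on malformed input
    digest = hashlib.md5(packet[:4] + bytes(16) + packet[20:length] + secret).digest()
    return hmac.compare_digest(digest, packet[4:20])

def build_sample_coa(secret: bytes) -> bytes:
    """Constructed CoA-Request; every attribute value is made up for the demo."""
    def attr(t, v): return bytes([t, len(v) + 2]) + v
    avpair = b"subscriber:command=reauthenticate"  # assumed sample value
    vsa = struct.pack("!IBB", CISCO, 1, len(avpair) + 2) + avpair
    body = attr(31, b"00-11-22-33-44-55") + attr(VENDOR_SPECIFIC, vsa)
    head = struct.pack("!BBH", 43, 7, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

if __name__ == "__main__":
    print(parse_radius(build_sample_coa(b"constructed-secret")))
```

A CoA that parses cleanly but fails `authenticator_ok` points to a shared-secret mismatch between ISE and the controller or to a modified datagram.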