Hi all,
our customer wants to authenticate their employees via Azure AD SAML authentication in his guest SSID with Aruba ClearPass and Aruba WLC.
The SAML part works fine, but I can't wrap my head around how to change the User-role (basically the user ACLs) after the authentication.
The controller is configured to intercept traffic for unauthenticated users and forward it to the ClearPass captive portal. The Captive portal forwards to Microsoft, the user authenticates, and is returned to Clearpass. And then I'm stuck. I can see user data from Azure, but I don't know how I could return something to the controller.
The user is stuck on a "captive portal loop" because I never change the role to one that doesn't intercept.
The thing is, that in ClearPass there is no request from the controller that ClearPass could return a new user role to. And I also don't see any user-specific information, except what I get from Azure, so I can not cache the MAC or anything.
In ClearPass I can only see a request coming from the guest application.
Maybe I'm missing something or am I using SAML for what it wasn't intended for?
No comments:
Post a Comment