Captive Portal user authentication (external Web Authentication)
Captive Portal user authentication provides a means to authenticate the clients through an external web server. A client that seeks web access to a network is redirected to the authentication web login page hosted on the Aruba ClearPass server (external server) that is integrated with the RADIUS server.
NOTE
Because the authentication server and web login page reside in an external server, Captive Portal user authentication is referred to as external Web Authentication in this document.
To equip the Brocade switch to handle the HTTP redirection mechanism, configuration details specific to the Aruba ClearPass server such as virtual IP address, HTTP or HTTPS protocol port number, and login page details hosted on the Aruba ClearPass server must be specified on the switch. Upon receiving the redirected web access request, Aruba ClearPass server honors the login page to the client which in turn submits the user login credentials. The Aruba ClearPass server reverts the credentials and sends the username, password, and default URL of the web page to the network-attached storage (NAS) or switch.
NOTE
For more details for configuring external captive portal on Aruba ClearPass server, refer to the
Aruba ClearPass Guest User Guide. Refer to the ClearPass Guest 6.4 User Guide, as the version used for validation is 6.4.
The Brocade switch makes use of the credentials for initiating the authentication process through the RADIUS server, which is integrated with Aruba ClearPass server.
NOTE
The RADIUS server on the Brocade switch and the one integrated with the Aruba ClearPass server must have the same configuration.
The RADIUS server validates the user credential information and, if the client is authenticated, the client is redirected to the URL provided by the server. For information about re-authentication and login failure behavior, refer to Configuring the re-authentication period and Defining the web authentication cycle.