Administrator Guide

Field | Description
• Single Sign-On - SAML Identity Provider: Complete the configuration options for this vendor setting. An appropriate service must also be created in W-ClearPass using the ClearPass IDP service template. The external service provider must then be configured to use the SAML Web login page as the IdP.
• Single Sign-On - Authorize Only: Allows the server to be configured as an IdP, and a login form is not displayed. If the AppAuth request to validate the SAML SP request is successful, the user is logged in through the normal SAML IdP flow. If the AppAuth request is not successful, a SAML Failure response is returned to the service provider. This vendor setting is useful if you have configured Aruba Auto SignOn (ASO) with third-party Identity Providers.
Login Method | Specifies how the user's network login should be handled. Options include:
• Controller-initiated: Guest browser performs HTTP form submit
• Server-initiated: Change of authorization (RFC 3576) sent to controller. Server-initiated logins require the user's MAC address to be available. This is usually acquired through the captive portal redirect. If you are setting up Multi-Factor Authentication (MFA) with username-only authentication, choose this option.
• Policy Initiated: An enforcement policy will control a change of authorization. This option should be selected if a Policy Manager policy that includes a "bounce client" will be run as part of the page's actions. This option should be selected if you are using OnGuard health checks.
Address (Required)IP address or hostname of the vendor's product.
Secure Login Specifies the security option to use for the Web login process. Options include:
l Use vendor default
l Secure login using HTTPS
l Send cleartext passwords over HTTP.
Dynamic Address For multi-controller deployments, if selected, enables sending the IP to submit credentials.
The Allowed Dynamic and Denied Dynamic fields are added to the form.
Allowed Dynamic IP addresses and networks that will be allowed.
Denied Dynamic IP addresses and networks that will be denied.
Security Hash | Specifies the level of checking to apply to URL parameters passed to the Web login page. The check detects when URL parameters (for example, the user's MAC address) have been modified by the user. To prevent the user from tampering with parameters passed in the redirect URL, select one of the validation error options. Options include:
• Do not check: login will always be permitted
• Deny login on validation error: login will not be permitted
If one of the validation error options is selected, the form expands to include the URL Hash Key fields.
URL Hash Key | (Required) The shared secret (64 characters) used by W-ClearPass and the NAD for the hash key to validate the redirect URL. This must be entered twice in order to verify the key.
Confirm Key
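The following is an added example, not taken from this guide or from W-ClearPass code, showing how a shared URL hash key lets the server detect a modified redirect parameter such as the MAC address. The HMAC-SHA256 construction, the `digest` parameter name, the sample key and the host name are assumptions made for illustration; the guide does not specify the algorithm the product uses.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumptions (not from the guide): HMAC-SHA256, the "digest" parameter
# name and the sample host are illustrative only.
# Constructed 64-character shared secret, configured on NAD and server.
URL_HASH_KEY = "0123456789abcdef" * 4


def _digest(pairs, key):
    # Canonical form: (name, value) pairs sorted, then URL-encoded.
    canonical = urlencode(sorted(pairs))
    return hmac.new(key.encode(), canonical.encode(), hashlib.sha256).hexdigest()


def sign_redirect(base_url, params, key=URL_HASH_KEY):
    """NAD side: append a keyed digest of the redirect parameters."""
    pairs = list(params.items())
    return base_url + "?" + urlencode(pairs + [("digest", _digest(pairs, key))])


def check_login(url, mode="deny", key=URL_HASH_KEY):
    """Server side: return (permit, reason) for a Web login URL.

    mode="none" models "Do not check"; mode="deny" models
    "Deny login on validation error".
    """
    if mode == "none":
        return True, "not checked"
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    supplied = [v for k, v in pairs if k == "digest"]
    signed = [(k, v) for k, v in pairs if k != "digest"]
    if len(supplied) != 1:
        return False, "digest missing or repeated"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(supplied[0], _digest(signed, key)):
        return False, "parameters do not match digest"
    return True, "ok"


if __name__ == "__main__":
    # Constructed redirect carrying the client's MAC and IP address.
    good = sign_redirect("https://clearpass.example/guest/login",
                         {"mac": "00:11:22:33:44:55", "ip": "10.0.0.23"})
    tampered = good.replace("00%3A11%3A22%3A33%3A44%3A55",
                            "66%3A77%3A88%3A99%3AAA%3ABB")
    for label, url in (("good", good), ("tampered", tampered)):
        print(label, check_login(url, "deny"), check_login(url, "none"))
```

With checking disabled the modified MAC address is accepted unchanged, which is the behaviour the "Do not check" option describes.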
Dell Networking W-ClearPass Guest 6.6 | User Guide Configuration | 397