| Access Code | {$u.username|htmlspecialchars} |
{if $u.create_result.

Customize the Guest Accounts Form

Next, modify the Guest Accounts form to add a flag that allows access-code based authentication.

1. Go to Configuration > Pages > Forms & Views.
2. In the Customize Forms & Views list, select create_multi and then click Edit Fields.
3. In the Edit Fields list, look for a field named username_auth. If the field exists but is not bolded and enabled, select it and click Enable Field.
3. Click Create Accounts to display the Finished Creating Guest Accounts page. If you create a large number of accounts, they are created at one time but might not all be displayed at the same time. (This will not affect the printing action in the following step.) 250 | Configuration Dell Networking W-ClearPass Guest 6.5.
4. Confirm that the account settings are as you expected with respect to letters and digits in the username and password, expiration, and role.
5. Click the Open print window using template drop-down list and select the new print template you created using this procedure. See "Create the Print Template" on page 247 for a description of this procedure. A new window or tab will open with the cards.
Pages

The Pages area of the user interface lets you customize the pages that are available to guests and sponsors. To work with pages configuration, go to Configuration > Pages > Start Here. This section includes:

• "Customizing Fields" on page 252
• "Customizing Forms and Views" on page 258
• "Customizing Guest Self-Registration" on page 286
• "Managing Web Logins" on page 318

Customizing Fields

Custom fields are fields that you define yourself to cater for areas of interest to your organization.
Creating a Custom Field

To create a custom field, go to Configuration > Pages > Fields and click the Create tab at the top of the form or the Create a new field link in the upper-right corner. The Create Field form is displayed. The Field Name is not permitted to have spaces but you can use underscores. The Field Type can be one of String, Integer, Boolean or No data type. The No data type field would be used as a label, or a submit button. Enter a description in the Description field.
You can specify the default validation rules that should be applied to this field when it is added to a form. See "Form Validation Properties" on page 276 in this chapter for further information about form validation properties. Select the Show advanced properties check box to reveal additional properties related to conversion, display and dynamic form behavior. See "View Field Editor" on page 284 in this chapter for more information about advanced properties.
Editing a Field

You are able to alter the properties of the field by making changes to the Field Name, Field Type, or Description. To edit a field, go to Configuration > Pages > Fields, click the field to be edited, and then click its Edit link. Click Save Changes to commit your changes to the field.

Deleting a Field

Fields that do not have a lock symbol can be deleted.
3. In the User Interface drop-down list, select Checklist.
4. In the Description text box, delete the existing text, then enter Select the location IDs where this device will be shared. Leave blank to share with all locations.
5. Delete any text from the CSS Class and the CSS Style fields.
6. In the Options Generator drop-down list, select (Use options).
7. In the Options text box, enter a list of values to use as the checklist options that are presented to the user.
9. (Optional) To control the layout of the checklist on the form, first use the Layout drop-down list to select either Vertical or Horizontal. The name of the next field changes to correspond to your choice in this field. Enter the appropriate number in the Vertical Rows or Horizontal Rows field. If the Layout field is left blank, the default layout of a single list of checklist options is displayed. To ensure the values are stored correctly as a comma-separated list: 1.
4. In the Display Param text field, enter the value _self. Be sure to include the leading underscore character.
5. Click Save Changes.

Example: If the layout is set to vertical and the following options are specified:

AP-Group=Location-1 | Location One
AP-Group=Location-2 | Location Two
AP-Location-3 | Location Three

The user interface appears as follows:

Customizing Forms and Views

You can view a list of W-ClearPass Guest's forms and views.
You can open a form or view directly from the Forms and Views page. To open a form or view to use it, go to Configuration > Pages > Forms & Views, click the form’s or view’s row in the list, and then click its Use link. The form or view opens in a separate tab, and the Forms and Views tab stays open so you can work in both. An asterisk (*) shown next to a form or view indicates that the form or view has been modified from the defaults.
The Width field is only displayed for views. It specifies the total width of the list view in pixels. If blank, a default value is used. You can customize the page title, header HTML, and footer HTML for many forms and views (for example, Create Guest Account, Edit Guest Accounts, and others). When these options are available, the Page Properties area is included on the Edit Properties form.
Click the Delete link for a duplicated form or view to remove the copy. A duplicated item cannot be removed if it is referenced by an operator login account or an operator profile.

Editing Forms

To add a new field to a form, reorder the fields, or make changes to an existing field, go to Configuration > Pages > Forms & Views, click the form’s row in the Customize Forms & Views list, and then click the Edit Fields link. The Customize Form Fields view opens.
| Field | Description |
| --- | --- |
| Insert Before, Insert After | Add a new field to the form. Clicking one of these links opens a blank form field editor and automatically sets the rank number of the new field. |
| Disable Field | Disables this field on the form. To enable it on the form again, click Enable Field. |
| Preview Form | Opens an example of the form so you can see what it looks like. This preview form can be submitted to test the field validation rules you have defined. |
Form Display Properties

On the Form Field Editor (see "Form Field Editor" on page 262), the form display properties control the user interface that this field will have. Different options are available in this section, depending on the selection you make in the User Interface drop-down list. Fields with a green border use their base field's value. If you enter a different value to override the base field's value, a Revert option lets you return to the original value.
A new image may be generated, or the image may be played as an audio sample for visually impaired users. When using the recommended validator for this field (NwaCaptchaIsValid), the security code must be matched or the form submit will fail with an error.

• Check box – A check box is displayed for the field, as shown below: The check box label can be specified using HTML. If the check box is selected, the field is submitted with its value set to the check box value (default and recommended value 1).

• Checklist – A list of check boxes is displayed, as shown below: The text displayed for each check box is the value from the options list. Zero or more check boxes may be selected. This user interface type submits an array of values containing the option key values of each selected check box. Because an array value may not be stored directly in a custom field, you should use the conversion and value formatting facilities to convert the array value to and from a string when using this user interface type.
For example, suppose the first two check boxes are selected (in this example, with keys “one” and “two”). The incoming value for the field will be an array containing 2 elements, which can be written as array ("one", "two"). The NwaImplodeComma conversion is applied, which converts the array value into the string value “one,two”, which is then used as the value for the field.
• Drop-down list – The field is displayed allowing a single choice from a drop-down list. The text displayed for each option is the value from the options list. When the form is submitted, the key of the selected value becomes the value of the field. If the “Hide when no options are selectable” check box is selected, and there is only a single option in the drop-down list, it will be displayed as a static text item rather than as a list with only a single item in it.

• File upload – Displays a file selection text field and dialog box (the exact appearance differs from browser to browser). File uploads cannot be stored in a custom field. This user interface type requires special form implementation support and is not recommended for use in custom fields.

• Hidden field – If Hidden Field is selected in the User Interface drop-down list, the field is not displayed to the user, but is submitted with the form.

The “Vertical” and “Horizontal” layout styles control whether the check boxes are organized in top-to-bottom or left-to-right order. The default is “Vertical” if not specified. When using these options, you may also specify the desired number of columns or rows to adjust the layout appropriately.

• Password text field – The field is displayed as a text field, with input from the user obscured. The text typed in this field is submitted as the value for the field.

• Radio buttons – The field is displayed as a group of radio buttons, allowing one to be selected, as shown below: The text displayed for each option is the value from the options list. When the form is submitted, the key of the selected value becomes the value of the field. The “Vertical” and “Horizontal” layout styles control whether the radio buttons are organized in top-to-bottom or left-to-right order. The default is “Vertical” if not specified.
If the Hide when no options are selectable check box is selected in the Collapse row, the field will be hidden if its value is blank. To set the value of this field, use the Initial Value option in the Form Validation Properties area of the form field editor.

• Static text (Raw value) – The field’s value is displayed as a non-editable text string. HTML characters in the value are not escaped, which allows you to display HTML markup such as images, links and font formatting.

If the Hide when no options are selectable check box is selected in the Collapse row, the field will be hidden if its value is blank. To set the value of this field, use the Initial Value option in the Form Validation Properties area of the form field editor.

• Static text (Options lookup) – The value of the field is assumed to be one of the keys from the field’s option list. The value displayed is the corresponding value for the key, as a non-editable text string.

If the Hide when no options are selectable check box is selected in the Collapse row, the field will be hidden if its value is blank. To set the value of this field, use the Initial Value option in the Form Validation Properties area of the form field editor.

• Static group heading – The label and description of the field is used to display a group heading on the form, as shown below. The field’s value is not used, and the field is not submitted with the form.

• Submit button – The field is displayed as a clickable form submit button, with the label of the field as the label of the button. The description is not used. The field’s value is ignored, and will be set to NULL when the form is submitted. To place an image on the button, an icon may be specified. To match the existing user interface conventions, you should ensure that the submit button has the highest rank number and is displayed at the bottom of the form.

It is recommended that you specify the desired minimum dimensions of the text area, either with the Rows and Columns options, or by specifying a width in the CSS Style option (for example, “width: 460px; height: 100px;” specifies a 460 x 100 pixel minimum area).

• Text field – The field is displayed as a single-line text box. The text typed in this box is submitted as the value for the field. A short text label may be placed after the text box using the Label After option.
Form Validation Properties

On the Form Field Editor (see "Form Field Editor" on page 262), the form validation properties control the validation of data entered into a form. By specifying appropriate validation rules, you can detect when users attempt to enter incorrect data and require them to correct their mistake. The initial value for a form field may be specified. Use this option when a field value has a sensible default. The initial value should be expressed in the same way as the field’s value.
The Validator Param is the name of a field on the form, the value of which should be passed to the validator as its argument. This could be used to validate one field based on the contents of another. However, in most deployments this does not need to be set. Set the Validator Param to its default value, “(Use argument)”, to provide a fixed value as the argument to the validator. The Validator Argument is used to provide further instructions to the selected validator.
Furthermore, be aware that blank values, or non-numeric values, will result in a different error message: The reason for this is that in this case, the validation has failed due to a type error – the field is specified to have an integer type, and a blank or non-numeric value cannot be converted to an integer. To set the error message to display in this case, use the Type Error option under the Advanced Properties.
Notice that the regular expression used here includes beginning and ending delimiters (in this case the / character), and ensures that the whole string matches by the start-of-string marker ^ and the end-of-string marker $. The construct \d is used to match a single digit. Many equivalent regular expressions could be written to perform this validation task. See "Regular Expressions" on page 616 for more information about regular expressions.
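Why the start and end markers matter, as an added example that is not from the product: Python's re module stands in for the form validator's regular-expression engine, and the five-digit pattern, helper names and sample inputs are all constructed. It also shows that `$` still accepts one trailing newline, which `\Z` in Python (`\z` in Perl-style engines) does not.

```python
import re


def compile_delimited(expr):
    """Compile a '/pattern/' style expression (hypothetical helper)."""
    if len(expr) < 2 or not (expr.startswith("/") and expr.endswith("/")):
        raise ValueError("expected an expression wrapped in / delimiters")
    # re.ASCII restricts \d to the digits 0-9 instead of every Unicode digit.
    return re.compile(expr[1:-1], re.ASCII)


def is_valid(expr, value):
    """Return True when the expression matches anywhere in the value."""
    return compile_delimited(expr).search(value) is not None


# Constructed patterns for a five-digit field.
UNANCHORED = r"/\d{5}/"      # matches five digits anywhere in the input
ANCHORED = r"/^\d{5}$/"      # whole string, but $ tolerates a final newline
STRICT = r"/\A\d{5}\Z/"      # whole string, nothing after the last digit

# Constructed sample inputs, including a trailing newline and
# Arabic-Indic digits (U+0661 to U+0665).
SAMPLES = [
    "12345",
    "12345abc",
    "x12345",
    "1234",
    "12345\n",
    "\u0661\u0662\u0663\u0664\u0665",
]


def accepted_by(expr):
    """List the sample inputs that a given expression would let through."""
    return [s for s in SAMPLES if is_valid(expr, s)]


if __name__ == "__main__":
    for name, expr in (("unanchored", UNANCHORED),
                       ("anchored", ANCHORED),
                       ("strict", STRICT)):
        print(name, [repr(s) for s in accepted_by(expr)])
```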
For pre-registered guest accounts, some fields may be completed during pre-registration and some fields may be left for the guest to complete at registration. You can use the Pre-Registration field to specify whether the guest’s entry must match the preliminary value provided for a field during pre-registration.

• If a value was not provided for a field when the account was created, choose Field was not preregistered from the drop-down list.

7. Click Save Changes. The Customize Form Fields view opens again, and the password field is now included and can be edited. To create the multiple accounts that all use the same password, see "Creating Multiple Guest Accounts" on page 48.

Form Field Validation Processing Sequence

The following figure shows the interaction between the user interface displayed on a form and the various conversion and display options available on the Form Field Editor (see "Form Field Editor" on page 262).
In this case, the Conversion function is set to NwaConvertOptionalDateTime to convert the string time representation from the form field (for example, “2008-01-01”) to UNIX time (for example, 1199145600). The Validator for the expire_time field is IsValidFutureTimestamp, which checks an integer argument against the current time. The Value Formatter is applied after validation.
When using a Conversion or Value Format function, you will almost always have to set up a Display Function for the form field. This function is used to perform the conversion in the reverse direction – between the internal stored value and the value displayed in the form field. See "Form Field Conversion Functions" on page 611 for a detailed list of the options available to you for the Conversion and Value Format functions.
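The sequence described above for expire_time, as an added sketch that is not ClearPass code: conversion, then validation, then the display function in the reverse direction. The Python function names are hypothetical stand-ins for NwaConvertOptionalDateTime and IsValidFutureTimestamp; treating input as UTC, the accepted date formats, and skipping validation for a blank value are assumptions.

```python
from datetime import datetime, timezone


class FieldError(Exception):
    """Form field failure; kind is 'type' (conversion) or 'validation'."""

    def __init__(self, kind, message):
        super().__init__(message)
        self.kind = kind


def convert_optional_datetime(raw):
    """Conversion: form string -> UNIX time; a blank field converts to None."""
    raw = raw.strip()
    if raw == "":
        return None
    for fmt in ("%Y-%m-%d %H:%M", "%Y-%m-%d"):   # assumed input formats
        try:
            parsed = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        return int(parsed.replace(tzinfo=timezone.utc).timestamp())
    # The string could not be converted at all: a type error, which is
    # reported separately from a failed validation rule.
    raise FieldError("type", "value is not a date/time")


def is_valid_future_timestamp(value, now):
    """Validator: works on the converted integer, not on the typed string."""
    return isinstance(value, int) and value > now


def display_datetime(value):
    """Display function: stored UNIX time -> string shown in the form."""
    if value is None:
        return ""
    return datetime.fromtimestamp(value, tz=timezone.utc).strftime("%Y-%m-%d %H:%M")


def process_expire_time(raw, now):
    """Run the field through conversion and validation, in that order."""
    value = convert_optional_datetime(raw)
    if value is not None and not is_valid_future_timestamp(value, now):
        raise FieldError("validation", "expiration must be in the future")
    # A value formatter would run here, after validation; none is set
    # in this sketch, so the converted value is stored unchanged.
    return value


if __name__ == "__main__":
    now = 1199000000  # constructed "current time", late December 2007 (UTC)
    stored = process_expire_time("2008-01-01", now)
    print(stored, "->", display_datetime(stored))
    for bad in ("2007-01-01", "next week"):
        try:
            process_expire_time(bad, now)
        except FieldError as err:
            print(repr(bad), "rejected:", err.kind, "error")
```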
Additional examples of the Visible If conditional expressions can be found in the guest_edit form.

Editing Views

A view is a page in the application that displays data, similar to a form, but does not contain interactive fields the user can modify. It consists of one or more columns, each of which contains a single field. You can change which fields are displayed and how each field is displayed.

Each column in a view displays the value of a single field. To use the default view display properties for a field, you only need to select the field to display in the column and then click the Save Changes button. To customize the view display properties, click the Advanced view options… check box. The column type must be one of the following:

• Text – The column displays a value as text.
• Sortable text – The column displays a value as text, and may be sorted by clicking on the column heading.

• Use form options – The value of the field is assumed to be one of the keys from the field’s option list. The value displayed is the corresponding value for the key.
• Custom expression… – The Display Expression text area is displayed allowing a custom JavaScript expression to be entered. See "View Display Expression Technical Reference" on page 613 for technical information about this display expression and a list of the functions that are available to format the value.
Click a page's row in the list to select it. The row expands to include options for working with the self-registration pages.

| Field | Description |
| --- | --- |
| Edit | Edit any of the self-registration page's properties. The Customize Guest Registration workflow diagram opens. Links in the workflow diagram provide access to any section of the registration page's properties. For information on editing the different parts of the self-registration process, see "Editing Self-Registration Pages" on page 291. |

Disabling a Self-Registration Page

When you choose the Disable option for a self-registration page, the row expands to include the Disable Guest Registration form. In the Disabled Message text box, you may enter the HTML content to display on the page when guest registration is disabled. You can also use the drop-down list to add images or other content items.

The Receipt Page

After the visitor successfully registers, the receipt page is their confirmation and provides their login and access information.

The "Go to Portal" Option

When you choose the Go To Portal option for a self-registration page, the row expands to show an active preview of the Self Service Login page and form as the visitor would see it. This form lets the visitor access their account information. You may test the behavior of the form.

The "Go to Login" Option

When you choose the Go To Login option for a self-registration page, the row expands to show an active preview of the Network Login page and form as the visitor would see it. This is the page the visitor sees when they log in to the network. You may test the behavior of the form.

Self-Registration Sequence Diagram

To set up a captive portal with guest self-registration, you configure your Network Access Servers to redirect guests to the URL of the ‘Go To’ link.
Figure 60 Sequence Diagram for Guest Self-Registration

In this diagram, the stages in the self-registration process are identified by the numbers in brackets, as follows: The captive portal redirects unauthorized users [1] to the registration page [2]. After submitting the registration form [3], the guest account is created and the receipt page is displayed [4] with the details of the guest account.

Figure 61 Guest Self-Registration Workflow Diagram

The diagram shows the guest self-registration process. The solid orange arrows show the workflow for the visitor. The dotted blue arrows show the workflow for the administrator. The blue headings in the diagram are links to the corresponding sections of the Customize Guest Registration form. Click an icon or label in the diagram to jump directly to the editor for that item.
| Field | Description |
| --- | --- |
| Name | (Required) The name of this self-registration page to identify it (for example, "Guest Self-Registration"). This name can include spaces. This name is only displayed to administrators within W-ClearPass; it is not seen by the visitor. |
| Description | You may enter comments to further identify or describe this page. This description is only displayed within W-ClearPass. |
| Enabled | When creation of this page is complete, select this check box to make it available to use. |

| Field | Description |
| --- | --- |
| | must include the Guest Manager > Create New Guest Account privilege. |
| Save Changes | Saves your changes and creates the self-registration page. This form closes and the self registration process diagram opens. |
| Save and Continue | Saves your changes and creates the self-registration page. The next section of the Customize Guest Registration form opens. |

Table 57: Customize Guest Registration, Basic Properties (Continued)

| Field | Description |
| --- | --- |
| | • (Default) • Aruba ClearPass Skin • Blank Skin • Custom Skin 1 • Custom Skin 2 • Dell ClearPass Skin • Galleria Skin • Galleria Skin 2 |
| Prevent CNA | Enables bypassing the Apple Captive Network Assistant (CNA). The CNA is the pop-up browser shown when joining a network that has a captive portal. This option might not work with all vendors; it is dependent on how the captive portal is implemented. |

Table 58: Customize Guest Registration, Access Control

| Field | Description |
| --- | --- |
| Authentication | To require operator credentials in order to access the page, select the check box in this row. The sponsor’s operator profile must include the Guest Manager > Create New Guest Account privilege. |
| Allowed Access | The IP addresses and networks from which access is allowed or denied (IPv4 and IPv6 are both supported). |
Figure 64 The Customize Guest Registration Form

Template code for the title, header, and footer may be specified. See "Smarty Template Syntax" on page 570 for details on the template code that may be inserted. Select the Do not include guest registration form contents check box to override the normal behavior of the registration page, which is to display the registration form between the header and footer templates.

The default settings for this form are as follows:

• The visitor_name and email fields are enabled. The email address of the visitor will become their username for the network.
• The expire_after field is set to a value of 24 by default; this sets the default expiration time for a self-registered visitor account to be 1 day after it was created. This field is hidden by default on the register page.

Table 59: Form Editor Columns

| Field | Description |
| --- | --- |
| Rank | Specifies the relative ordering of the fields when displaying the form. This list always shows the fields in order by rank. |
| Type | Controls what kind of user interface element is used to interact with the user. |
| Label | The label for this field as it is displayed on the form. |
| Description | The description for this field as it is displayed on the form. |

To work with a form field, click its row in the list.
Click the Save Changes button to return to the process diagram for self-registration.

Editing Receipt Actions

To edit the actions that are available after a visitor account has been created:

1. Go to Configuration > Pages > Guest Self-Registration.
2. Select an entry in the Guest Self-Registration list and click its Edit link. The Customize Guest Registration workflow page appears.
3. In the Receipt Page area of the diagram, click the Actions link. The Receipt Actions form opens.

Enabling Sponsor Confirmation for Role Selection

You can allow the sponsor to choose the role for the user account at the time the sponsor approves the self-registered account. To enable role selection by the sponsor:

1. Go to Configuration > Pages > Guest Self-Registration. Click the Guest Self-Registration row, then click its Edit link. The Customize Guest Registration diagram opens.
2. In the Receipt Page area of the diagram, click the Actions link. The Receipt Actions form opens.
3. In the Sponsorship Confirmation area at the bottom of the form, mark the Enabled check box for Require sponsor confirmation prior to enabling the account. The form expands to let you configure this option.
4. In the Authentication row, mark the check box for Require sponsors to provide credentials prior to sponsoring the guest.
5. In the Role Override row, choose (Prompt) from the drop-down list.
6.
7. You can click the Launch this guest registration page link at the upper-right corner of the Customize Guest Registration diagram to preview the Guest Registration login page. The Guest Registration login page is displayed as the guest would see it. When a guest completes the form and clicks the Register button, the sponsor receives an email notification. 8. To confirm the guest’s access, the sponsor clicks the click here link in the email, and is redirected to the Guest Registration Confirmation form.
Editing Email Delivery of Guest Receipts

The Email Delivery options available for the receipt page actions allow you to specify the email subject line, the print template and email format, and other fields relevant to email delivery. When email delivery is enabled, the following options are available to control email delivery:

• Disable sending guest receipts by email – Email receipts are never sent for a guest registration.
• Auto-send guest receipts by email with a special field set – If the Auto-Send Field available for this delivery option is set to a non-empty string or a non-zero value, an email receipt will be generated and sent to the visitor’s email address. The auto-send field can be used to create an “opt-in” facility for guests.

2. In the Receipt Page area of the diagram, click the Actions link. The Receipt Actions form opens.
3. Scroll down to the Download Pass area of the form.
   • If a Pass Certificate is not installed, an error is displayed. For information on digital passes and installing pass certificates, see "Digital Passes" on page 337.
   • If the Pass Certificate is installed, select the appropriate pass template.
Table 61: The Customize Guest Self-Registration Form, Login Form and Post-Authentication

| Field | Description |
| --- | --- |
| Custom Form | Indicates you will provide a custom login form. If selected, you must supply your own HTML login form for the header or footer HTML areas. |
| Custom Labels | Enables altering the default labels and error messages. |
| Username Label | Label that appears on the form for the username field. Leave blank to use the default, (Username:). |

| Field | Description |
| --- | --- |
| | accept the terms of use) |
| Terms Layout | Layout for the terms and conditions text, either above or below the Terms check box. |
| Terms Error | Text to display if the terms are not accepted. Leave blank to use the default (In order to log in, you must accept the terms and conditions.). |
| Log In Label | Label that appears on the form for the login button. Leave blank to use the default (Log In). |

Table 62: The Customize Guest Self-Registration Form, Login UI Section

| Field | Description |
| --- | --- |
| Login Page Title | The title that will be displayed on the NAS login page. |
| Header HTML | The HTML content to display above the NAS login form. You can use the drop-down lists to add images or other content items. |
| Footer HTML | The HTML content to display below the NAS login form. You can use the drop-down lists to add images or other content items. |
Click the Save Changes button to return to the process diagram for self-registration.

Configuring Self-Registration with Onboard Device Enrollment

To allow Onboard enrollment with self-registrations, go to Configuration > Pages > Guest Self-Registrations > Receipt Page > Login Message.

Table 63: Customize Guest Registration, Onboard Enrollment (Continued)

| Field | Description |
| --- | --- |
| | • Native agents with Java fallback • Java only |
| Header HTML | Enter the HTML for the message that is displayed before the health check. You can use the drop-down lists to add images or links. |
| Footer HTML | Enter the HTML for the message that is displayed after the health check. You can use the drop-down lists to add images or links. |

Click the Save Changes button to return to the process diagram for self-registration.

Table 64: Customize Guest Registration, Social Logins Properties

| Field | Description |
| --- | --- |
| Social Login | To enable the use of social network credentials to log in, select this check box. The form expands to include social login configuration options. |
| Authentication Providers | All social network providers that have been configured are included in this list. |
| Add new authentication provider | Opens the properties form for adding and configuring the selected social network provider. |
| Field | Description |
| --- | --- |
| Move Down | |
| Delete | Removes the provider from the list and deletes its configuration. You will be asked to confirm the deletion. |
| Add new authentication provider | Opens the properties form for adding and configuring a social network provider. |
| Provider | (Required) Select a social network provider from the drop-down list. |
| Enabled | If selected, this provider can be used. |
| Client ID | The client ID to use with this provider. The provider might use a different label. |

| Field | Description |
| --- | --- |
| Allow Guests | If selected, allows Google accounts that are not part of your domain to log in as guests. The social_vip flag will be set to false for these users. |
| Admin SDK Refresh Token | (Required) Enter a valid Google API admin refresh token. To generate a new refresh token, clear this value. You will need to generate a new authorization code. |
| Generate Code | To generate a new authorization code, click the link in this field. |
To adjust the user interface, use the override check boxes to display additional fields on the form. These fields allow you to customize all text and HTML displayed to users of the self-service portal. The behavioral properties of the self-service portal are described below:

• The “Enable self-service portal” check box must be selected for guests to be able to access the portal.

Click the Save Changes button to return to the process diagram for self-registration.

Resetting Passwords with the Self-Service Portal

The self-service portal includes the ability to reset a guest account’s password.

To enable a more secure password reset operation, first enable the secret_question and secret_answer fields on the registration form. The default appearance of these fields is shown below:

Next, enable the Required Field option in the Self-Service Portal properties. Setting this to (Secret Question) will ask the guest the secret_question and will only permit the password to be reset if the guest supplies the correct secret_answer value.

Enabling and Editing NAS Login Properties

To enable and edit the properties for automatic NAS login:

1. Go to Configuration > Pages > Guest Self-Registration. Click to expand the Guest Self-Registration row in the form, then click its Edit link. The Customize Guest Self-Registration diagram opens.
2. In the lower-right corner of the diagram, click the NAS box or the NAS Vendor Settings link. The NAS Login form opens.
To view the list of your Web login pages and work with them, go to Configuration > Pages > Web Logins. The Web Logins list view opens. All Web login pages you have created are included in the list. Information shown for each page includes its name for internal identification, title as displayed in the user interface, filename, and the skin assigned to it.
Onboard creates a default Web login page that is used to start the device provisioning process. To create a new Web login page, go to Configuration > Pages > Web Logins and click the Create new Web login page link in the upper-right corner. The Web Login Editor form opens. Table 66: Web Login Editor, General Properties Field Description Name (Required) Enter a name for the page. Page Name Identifier page name that will appear in the URL -- for example, "/guest/page_name.php".
Field Description login form is not displayed. If the AppAuth request to validate the SAML SP request is successful, the user is logged in through the normal SAML IdP flow. If the AppAuth request is not successful, a SAML Failure response is returned to the service provider. This vendor setting is useful if you have configured Aruba Auto SignOn (ASO) with thirdparty Identity Providers. Login Method Specifies how the user's network login should be handled.
Table 67: Web Login Editor, Login Form Properties
Field: Description
Submit URL: URL of the NAS device's login form.
Submit Method: Method to use when submitting the login form to the NAS. Options include:
- POST
- GET
Authentication: Authentication requirement options include:
- Credentials — Require a username and password
- Access Code — Only require a username for authentication—This option does not require a password.
Field: Description
Prevent CNA: Enables bypassing the Apple Captive Network Assistant (CNA). The CNA is the pop-up browser shown when joining a network that has a captive portal. This option might not work with all vendors; it is dependent on how the captive portal is implemented.
Custom Form: Indicates you will provide a custom login form. If selected, you must supply your own HTML login form for the header or footer HTML areas.
Custom Labels: Enables altering the default labels and error messages.
Field: Description
target="_blank">terms of use)
Terms Layout: Layout for the terms and conditions text—either above or below the Terms check box.
Terms Error: Text to display if the terms are not accepted. Leave blank to use the default (In order to log in, you must accept the terms and conditions.).
Log In Label: Label that appears on the form for the login button. Leave blank to use the default (Log In).
Title: Title to display on the Web login page.
Table 69: Web Login Editor, Login Page Properties
Field: Description
Skin: (Required) Specifies the skin to use for the Web login page. Options include:
- (Default)
- Aruba ClearPass Skin
- Blank Skin
- Custom Skin 1
- Custom Skin 2
- Dell ClearPass Skin
- Galleria Skin
- Galleria Skin 2
Title: The title that will be displayed on the page.
Header HTML: The HTML content to display above the login form. The default content is shown, and can be modified.
Field: Description
HTML You can also use the drop-down lists to add images or other content items, or to insert a self-registration link.
Login Message: Enter the HTML template code for the text to display while the login attempt is in progress. The default content is shown, and can be modified. You can also use the drop-down list to add images or other content items.
Login Delay: Specifies the number of seconds to delay while displaying the login message.
Table 70: Web Logins Editor, Social Logins Properties
Field: Description
Social Login: To enable the use of social network credentials to log in, select this check box. The form expands to include social login configuration options.
Authentication Providers: All social network providers that have been configured are included in this list.
Add new authentication provider: Opens the properties form for adding and configuring a social network provider.
Field: Description
Move Down
Delete: Removes the provider from the list and deletes its configuration. You will be asked to confirm the deletion.
Add new authentication provider: Opens the properties form for adding and configuring a social network provider.
Provider: (Required) Select a social network provider from the drop-down list.
Enabled: If selected, this provider can be used.
Client ID: The client ID to use with this provider. The provider might use a different label.
Field: Description
Allow Guests: If selected, allows Google accounts that are not part of your domain to log in as guests. The social_vip flag will be set to false for these users.
Admin SDK Refresh Token: (Required) Enter a valid Google API admin refresh token. To generate a new refresh token, clear this value. You will need to generate a new authorization code.
Generate Code: To generate a new authorization code, click the link in this field.
Table 72: Web Login Editor, Post-Authentication Properties
Field: Description
Health Check: Requires the visitor to pass a health check before they can access the network. The health check is done automatically through the OnGuard Dissolvable Agent.
Client Agents
Header HTML: The HTML content to display above the health check text. The default content is shown, and can be modified. You can also use the drop-down list to add images or other content items.
Managing Web Pages
Simple Web pages provide additional information to guests -- for example, advising them that the device does not meet security requirements, service is unavailable, their browser is unsupported, or the device is jailbroken. The Web Pages view lists all the Web pages you have created, and lets you edit and preview them and create new Web pages. It also includes templates for new Web pages. Each template may be used as it is or can be used as the basis for a page you design.
Browser Unsupported Page Template
The Browser Unsupported template can be used to show a message advising the guest that their browser is not supported.
Figure 67 The Page Displayed by the Browser Unsupported Template
Jailbroken Device Page Template
The Jailbroken Device template can be used to show a message advising the guest that the iOS device has been modified, or jailbroken.
Figure 68 The Page Displayed by the Jailbroken Device Template
Posture Check Page Template
The Posture Check template can be used to show a message advising the guest that the device does not meet the organization’s minimum security requirements (detected by OnGuard).
Figure 69 The Page Displayed by the Posture Check Template
Service Unavailable Page Template
The Service Unavailable template can be used to show a message advising the guest that service is temporarily unavailable.
Figure 70 The Page Displayed by the Service Unavailable Template
Creating and Editing Simple Web Pages
The Web Page Settings form lets you create a new simple Web page, edit an existing page, or copy a template or existing page to use as a basis for a new page. To perform these tasks, go to Configuration > Pages > Web Pages, and then:
- To create a new simple Web page, click the Create a new Web page link in the upper-right corner.
Figure 71 The Web Page Settings Editor, General Settings
Figure 72 The Web Page Settings Editor, Advanced Settings
Table 74: Web Page Editor, General Properties
Field: Description
Name: (Required) Enter a name for the page. This name is seen only by administrators in W-ClearPass Guest.
Page Name: Enter the page name (filename) that will appear in the URL -- for example, "page_name".
Enabled: Specifies whether the page is enabled or disabled for use.
Description: Optional comments or notes about the page.
Skin: Skin to use for the Web page.
- "Customizing SMS Receipt" on page 357
- "Customizing Print Templates" on page 358
Digital Passes
Digital passes are cryptographically signed files containing fields and images that are used as boarding passes, event tickets, coupons, store passes, or other scannable items. In Dell Networking W-ClearPass Guest, you can upload and install digital pass certificates, create new templates for digital passes, and use the passes for guest receipts.
Passes can be organized in Apple Passbook on the user's device. Good visual design practices ensure that each pass can be quickly recognized when displayed amongst other passes. (Apple Passbook is available on Apple iOS 6+ devices.) To use a pass such as a membership card or store card, the user selects it from the passbook and displays it so the barcode can be scanned.
Template" on page 343. Pass templates define:
- Name and a description: Used to identify the template in W-ClearPass administrative forms and views.
- Style: Boarding Pass, Event ticket, Coupon, Store Pass, or Generic.
- Colors: Foreground, background, and label. If no alternate colors are specified, then default colors will be used. If there are alternate colors specified, then they will be used instead of the default colors.
- Summary: Short description for a voice-over.
3. Create a certificate for your Pass Type ID.
4. Follow the portal’s instructions to create a certificate signing request using Keychain Access (a standard Mac OS X application) and submit it to the portal.
5. Download the Pass Type ID certificate.
You also need to provide the private key for the pass certificate. If you created the certificate signing request using Keychain Access:
1. In Keychain Access, locate the private key for the certificate signing request.
2.
If no pass certificate is installed yet, no details are displayed. Click the Upload pass certificate link to obtain and install a certificate. See "Installing Digital Pass Certificates" on page 341.
Installing Digital Pass Certificates
You must have a valid Pass Certificate issued by Apple in order to generate and download passes. To obtain a pass certificate, you first need an Apple developer account. Developer accounts are free; to register for an account, go to developer.apple.
To install the certificate, go to Configuration > Digital Passes > Start Here and click the Install Pass Certificate link, or go to Configuration > Digital Passes > Pass Certificate and click the Upload pass certificate link. Step 1 of the Install Pass Certificate form opens.
Field: Description
Format: Specify whether you will upload the certificate as a file or paste in the certificate text. The form expands to include the Step 2 options.
Field: Description
Edit: Edit any of the template's properties.
Copy: Make a copy of the template to use as a basis for a new template.
Reset to Defaults: Resets the default template to its original settings if changes were made. (Only available for the default template)
Delete: Deletes the pass template. (The default Guest Receipt template cannot be deleted)
Create a new template: Create a new template.
Defining Pass Properties
For examples of variables that can be used in the Summary and Logo Text fields described in the following table, click the Example 'template code' replacements link above the form, or see "Example Template Code Variables" on page 349. For a list of image fields supported by each of the different pass styles, click the A note regarding images and icons link above the form, or see "Images in Digital Passes" on page 350.
Field: Description
Summary: (Required) Short summary for the pass. This lets VoiceOver make the pass accessible to blind and low-vision users. Summary text typically contains standard template code that is evaluated when the pass is generated. Template code entered here must produce a summary for the pass to be valid.
Pass Style: (Required) Style of pass to generate. Options include:
- Generic — a general purpose pass
- Boarding Pass (e.g., airline, boat, bus, train)
- Coupon (e.g.
Defining Pass Fields
Table 77: Pass Fields, Pass Template Settings
Field: Description
Fields: List of fields currently included in this pass template, with descriptions. You can click a field's row for configuration options.
Edit: Opens the Field Properties editor, where you can enable the field and modify its placement, content, and presentation properties.
Disable: Disables the field for the pass. To enable it again, click its Enable link.
Move Up: Fields are shown in this list in their rank order.
Table 78: Relevant Locations, Pass Template Settings
Field: Description
Relevant Locations: If selected, shows the digital pass on the user's lock screen when near a given location. Passbook determines the appropriate distance around the location for the pass to be displayed on the lock screen.
Location Limit: A pass template may only contain 10 locations. More may be added here, but only the first 10 valid locations will be included in the pass.
Table 79: Relevant Dates, Pass Template Settings
Field: Description
Relevant Date: If selected, shows the digital pass on the user's lock screen when near a given date. Passbook determines the appropriate span of time around the date for the pass to be displayed on the lock screen. You can also edit a date type field in the Pass Fields area of the form to be a relevant date.
Table 80: Associated Apps, Pass Template Settings
Field: Description
Associated Apps: If selected, shows an associated application on the back of the pass. Passbook determines the appropriate distance around the location for the pass to be displayed on the lock screen.
First Compatible App: Multiple associated apps can be referenced by a pass, but only the first app that is compatible with the current device will have a link shown on the back of the pass.
Images in Digital Passes
To make images available for selection, they must first be uploaded to the Public Files area in Content Manager. The images supported by each style of pass are shown below. This images list is also available when you go to Configuration > Digital Passes > Pass Templates, click the Edit or Create link, and then click the A note regarding images and icons link.
Only PNG image files (*.png) are supported by passes. A pass can contain both a low-resolution version (i.e. for non-Retina displays) and a high-resolution version (i.e. for Retina displays) of each image. If it has been uploaded to the content manager, the high-resolution version of an image is also automatically included in the pass. The high-resolution version must be named with the suffix @2x at the end of the filename, just before the file extension—for example:
- Company_Logo.
The following options are available in the Enabled drop-down list to control email delivery:
Table 81: Email Delivery Options, Customize Guest Self-Registration
Field: Description
Disable sending guest receipts by email: Email receipts are never sent for a guest registration.
Always auto-send guest receipts by email: An email receipt is always generated using the selected options, and is sent to the visitor’s email address.
See "Email Receipt Options" on page 353 for details about the email receipt options.
Email Receipt Options
The Customize Email Receipt form may be used to set default options for visitor account email receipts. To configure email receipt options, go to Configuration > Pages > Email Receipts. The Customize Email Receipt form opens.
Field: Description
options:
- No skin – Plain text only – A skin is not used, and the email will be sent in plain text format. Use this option to remove all formatting from the email.
- No skin – HTML only – A skin is not used, but the email will be sent in HTML format. Use this option to provide a basic level of formatting in the email.
- No skin – Native receipt format – A skin is not used. The email will be sent in either plain text or HTML format, depending on the type of print template that was selected.
Figure 74 Example of Email Receipt Test Message Content
About Customizing SMTP Email Receipt Fields
The behavior of email receipt operations can be customized with certain guest account fields. You do this on a per-user basis.
Table 83: SMTP Email Receipt Fields
Field: Description
smtp_enabled: May be set to a non-zero value to enable sending an email receipt. If unset, the default value from the email receipt configuration is used.
Field: Description
smtp_auto_send_field: Specifies the name of the field that contains the auto-send flag. If blank or unset, the default value from the email receipt configuration is used. Additionally, the special values “_Disabled” and “_Enabled” may be used to never send email or always send email, respectively.
smtp_cc_list: Specifies a list of additional email addresses that will receive a copy of the visitor account receipt.
Field: Description
smtp_warn_before_cc_list: This overrides the list of additional email addresses that receive a copy of the visitor account receipt under Logout Warnings on the email receipt. If the value is “default”, the default carbon-copy list under Logout Warnings from the email receipt configuration is used.
smtp_warn_before_cc_action: This field overrides how copies are sent as indicated under Logout Warnings on the email receipt. to send copies of email receipts.
- sms_enabled – This field may be set to a non-zero value to enable sending an SMS receipt. If unset, the default value is true.
- sms_handler_id – This field specifies the handler ID for the SMS service provider. If blank or unset, the default value from the SMS plugin configuration is used.
- sms_template_id – This field specifies the print template ID for the SMS receipt. If blank or unset, the default value from the SMS plugin configuration is used.
Plain text print templates may be used with SMS services to send guest account receipts; see "About SMS Guest Account Receipts " on page 373 for details. Because SMS has a 160 character limit, the number of characters used in the plain text template will be displayed below the preview. If you are including a guest account’s email address in the SMS, remember to allow for lengthy email addresses (up to 50 characters is a useful rule of thumb).
This section is followed by three other sections: the body, the header and the footer. Each section must be written in HTML. There is provision in each section for the insertion of multiple content items such as logos. You are able to add Smarty template functions and blocks to your code. These act as placeholders to be substituted when the template is actually used. See "Smarty Template Syntax" on page 570 for further information on Smarty template syntax.
You can use an {if} statement to define a single print template that caters to multiple situations.
The print template may also contain visitor account fields. The value of each field is displayed in the print template. By default, the wizard sets up the template with the username, password and role_name fields, but these may be customized. Options in the Fields row let you add, remove, or change the order of fields. Use the drop-down list to choose the field name, then click the icon at the left of the drop-down list. The field’s row expands to include the option links.
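One way a single print template body can use {if} to serve both credential accounts and access-code accounts, with every field value escaped before it reaches the HTML. This is an added example, not a template shipped with the product; it assumes the account fields are exposed to the template as $u, that the htmlspecialchars modifier is available, and that a username_auth flag marks accounts that log in with an access code only.

```smarty
{* Added example: one print template for two kinds of guest account. *}
{* Assumptions: account fields are exposed as $u, and username_auth is
   set on accounts that authenticate with an access code only. *}
<table class="receipt">
  <tr>
    <th>Role</th>
    <td>{$u.role_name|htmlspecialchars}</td>
  </tr>
{if $u.username_auth}
  {* Access-code account: the username is the only credential, so it is
     printed under that label and no password row is emitted. *}
  <tr>
    <th>Access Code</th>
    <td>{$u.username|htmlspecialchars}</td>
  </tr>
{else}
  {* Credential account: both values are needed to log in. *}
  <tr>
    <th>Username</th>
    <td>{$u.username|htmlspecialchars}</td>
  </tr>
  <tr>
    <th>Password</th>
    <td>{$u.password|htmlspecialchars}</td>
  </tr>
{/if}
</table>
```

Escaping each value keeps guest-supplied text from being interpreted as markup when the receipt is rendered.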
The permissions defined on this screen apply to the print template identified in the “Object” line. The owner profile always has full access to the print template. To control access to this print template by other entities, add or modify the entries in the “Access” list. To add an entry to the list, or remove an entry from the list, click one of the icons in the row. A Delete icon and an Add icon will then be displayed for that row.
SMS Services
With SMS Services, you can configure W-ClearPass Guest to send SMS messages to guests. You can use SMS to send a customized guest account receipt to your guest’s mobile phone. You can also use SMS Services to send an SMS from your Web browser. To use the SMS features, you must have the SMS Services plugin installed.
Table 85: SMS Gateways List
Field: Description
Edit: Lets you make changes to the gateway. See "Editing an SMS Gateway" on page 370.
Duplicate: Lets you make a copy of the gateway to use as a base for a new gateway. A new gateway will be added to the list with the name “Copy of ”.
Delete: Lets you remove the gateway from the list. You are asked to confirm the deletion. Click OK at the prompt to delete the gateway.
Table 86: SMS Gateway Configuration -- Gateway and Service Settings Options
Field: Description
SMS Gateway: (Required) The SMS gateway service to use. Options in this drop-down list include:
- ClearPass Guest SMS Service
- Custom HTTP Handler
- SMS over SMTP
- External Providers
The options presented in the Service Settings area depend on the gateway selected here.
Display Name: Name for this gateway service handler.
Carrier Selection
Field: Description
available substitutions.
Authentication Method: (Required) Specifies how the username and password will be passed to the gateway. Select either Substituted parameters or HTTP Basic Authentication.
Service Username: (Required) Your authorization username for your SMS service provider. If you are using W-ClearPass Guest SMS Service and have entered your W-ClearPass subscription ID in the Software Updates page of W-ClearPass Policy Manager’s Administration module, leave this field blank.
Table 87: SMS Gateway Configuration -- Mobile Number Settings Options
Field: Description
Country Code: Default country code to use for mobile telephone numbers that start with the national prefix. Most SMS providers require that the number be sent with the country code.
Default Length: If your country has a default length, enter it here. The country code entered in the previous field will be automatically added if it is required.
Field: Description
Message: (Required) To verify the configuration, enter a test message.
Recipient: (Required) To verify the configuration, enter the test recipient's mobile phone number.
Send Test Message: To verify the configuration, after you enter the test message and the test recipient's mobile number, click this button. The test recipient should receive the message and confirm the results.
Complete the fields with the appropriate information, then click settings will take effect immediately.
3. The SMS Gateway field displays the gateway service that was selected when the gateway was created. This cannot be edited after creation.
4. In the Service Settings area, you may edit the Display Name.
5. When you duplicate an SMS over SMTP gateway, the Carrier Selection configuration options are included. In the Carrier Selection drop-down list, choose one of the following options:
- Registration form will have the visitor_carrier field—The visitor will supply the carrier information when they register.
- Select a carrier—The form includes the Mobile Carrier field. Choose the carrier from the Mobile Carrier drop-down list.
- Configure Carrier Settings—The form expands to include configuration options for the carrier:
  - SMS Address—You may choose to use a template to determine the email address, or to use a fixed address.
  - Address Template or Address—If you chose to use a template to determine the address, the next field is Address Template.
2. Complete the form by typing in the SMS message and entering the mobile phone number that you are sending the SMS to. The maximum length for the message is 160 characters. If multiple services are available, you may also choose the service to use when sending the message.
3. Click Send Message.
About SMS Credits
Most SMS providers use a system of credits for sending messages. In Dell Networking W-ClearPass Guest SMS Services, one credit is used for each sent message.
When using guest self-registration, SMS Delivery options are available for the receipt page actions; see "Editing Receipt Actions" on page 300 for full details. For more information on SMS services, see "SMS Services" on page 364.
SMS Receipt Options
SMS receipt configuration options are available in the Customization module (see "Customizing SMS Receipt" on page 357).
2. To filter the list, click the Display Lists tab above the form. The form expands to include the Carrier Lists options. Use this drop-down list to specify the visitor carrier or MMS carrier. To be available in the drop-down lists on this Carrier Lists form, a carrier must first be enabled.
3. To enable, disable, or delete a carrier, click the carrier in the list. The carrier’s row expands to include the Edit, Enable or Disable, and Delete options.
- When creating or editing a gateway, to include the Mobile Carrier field in the visitor’s registration form, choose Registration form will have the visitor_carrier field in the Carrier Selection drop-down list. The Mobile Carrier field is also added to the Test SMS Settings area of the forms.
5. In the Name field, enter the carrier’s name. If there is more than one format of the carrier company’s name, use the format the public most readily identifies with the carrier service.
6.
- To use the SMS template for MMS messages, mark the check box in this row. The SMS Address configuration will be applied to MMS messages, and the MMS Template row is removed from the form.
- To use an MMS template for MMS messages, leave this check box unmarked.
11. If you will use an MMS template for MMS messages, enter an example email address in the MMS Template field. This provides the pattern for the address format.
12.
All translation packs that have been enabled are included in the list. You can click a translation pack's row in the list for additional options:
Table 89: Translation Packs List View Options
Field: Description
Edit: Enable or disable the translation pack and edit its name, display name, language code, flag image, and list of locale identifiers. For more information, see "Creating and Editing Translation Packs" on page 378.
Table 90: Translation Pack Configuration
Field: Description
Parent: Name of the translation pack you used as a basis. This field only appears if you are duplicating a translation pack.
Name: Name of this translation pack. This identifying name is different from the display name, and is only seen by application administrators.
Enabled: You can select the check box to enable this translation pack, or leave it unselected to create the translation pack but not enable it yet.
Translation Assistant
To configure some basic user assistance features for the user interface's language settings, go to Configuration > Translations > Translation Assistant. The Translation Assistant form opens.
Table 91: Translation Assistant Configuration
Field: Description
Default Language: Sets the default language pack for the user's application.
Auto-Detection: If selected, disables automatic browser-based language detection and enforces the default translation pack instead. The default behavior is to use the language the user's browser has detected as preferred, instead of using the default translation pack.
Table 92: The Translation Pack Configuration Form
Field: Description
Name, Display Name, Language Code, Locales: These fields show the information for this translation pack and cannot be edited on this form.
Enabled: If selected, enables this translation pack. If this translation pack should not be enabled at this time, leave this check box unselected. Each language code can have only one corresponding translation pack enabled at a time.
Field: Description
Common IDs: Each link in this field corresponds to a group of related pages and messages. Click a link to display the text IDs for all labels and messages in that group. The text IDs are listed in the Text IDs field, and a row is added to the form for each text ID.
(text ID numbers): These rows appear if text IDs were specified in the Text IDs field. The default text for the field is shown below the text box. For each item you want to override, enter the new text in the text box.
Chapter 6
Advertising Services
Advertising Services lets you deliver marketing promotions and advertisements to your users on a variety of Guest Management registration, receipt, and login pages. To work with W-ClearPass Guest Advertising Services, go to Configuration > Advertising > Start Here.
Materials and promotions are then organized into advertising campaigns that run over a specified date range and with a specified priority (rank and weight).
Campaigns
An advertising campaign is the strategy by which you organize the presentation of your ads. It defines which promotions and materials to deliver, and when they should be delivered. You can rank and weight a campaign to balance it against other campaigns.
Topics in the tutorial cover how to create materials, promotions, and campaigns and configure spaces. You can view the finished product of the practice exercises. Tips are provided on how to troubleshoot the different stages of the process.
Navigating the Tutorial
Table 93: Tutorial Navigation Elements
To: Do This:
Move through the tutorial sequentially: Click the Continue link in the bottom right corner next to the count of completed tasks.
registration, receipt and self-service pages, and email and SMS receipts. To work with the advertising settings for a Guest Manager page group or page, go to Configuration > Advertising > Pages. The Edit Page list view opens. Columns show the page group, the type of page, and the number of child pages in that group. For example, the Guest Management page group has four child pages and the Guest Self-Registration page group has eight child pages, as shown in the following table.
Advertising Services must be enabled for each Web login or guest self-registration page that is to display advertising. To enable this option, go to either Configuration > Pages > Web Logins or Configuration > Pages > Guest Self-Registration > Master Enable and select the Advertising Services check box. To edit advertising settings for a page group or page, go to Configuration > Advertising > Pages, then click the Edit link for a page group. The Edit Page form opens.
Field: Description
- To configure advertising services for a specific child page, click the Page advertising settings link for the child page.
Advertising Enabled: Specifies whether the page is enabled or disabled for advertising.
- Use default setting (Enable advertising on this page)—Enables advertising on this page and on its child pages. Available for page group only.
- Use parent setting—Ensures that advertising on this child page is only enabled if advertising is enabled for the parent page.
Table 97: Space Options, Edit Page
Field: Description
Allowed Spaces Policy: Specifies which spaces to use. Options include:
- Use default setting (Allow advertising in all spaces)—Allows advertising in all enabled and applicable advertising spaces. Available for page group only.
- Allow advertising in...—The form expands to include the Allowed Spaces row. Available for page group only.
In the Campaign Options area of the form, set the options that control which campaigns can deliver advertising on this page. The final set of advertising campaigns that is used is determined by first applying the Allowed Campaigns Policy, and then applying the Denied Campaigns Policy.
Table 98: Campaign Options, Edit Page
Field: Description
Allowed Campaigns Policy: Specifies which campaigns to use. Options include:
- Use default setting (Allow advertising from all campaigns)—Allows advertising from all enabled and applicable campaigns. Available for page group only.
- Allow advertising from...—The form expands to include the Allowed Campaigns row. Available for page group only.
- Allow advertising from all campaigns—Allows advertising from all enabled and applicable advertising campaigns.
The nwa_adspace tag supports the following parameters:
- location
- name
- media
- stage
- container
- style
location
The value of the Location field that must be set for an advertising space to be matched by location. The Location field and the Other Location field are configured on the Edit Space form (see "Creating and Editing Advertising Spaces" on page 398). You must specify either a location or a name.
name
The value of the Name field that must be set for an advertising space to be matched by name. You must specify either a location or a name. The nwa_adspace tag will give an error if you do not specify at least one of these parameters. If a name parameter is specified, then the value of the name parameter will be compared to the Name field of each advertising space.
Value: Description
web_self_service: Specify this value to deliver advertising on a guest self-service page.
web_after_login: Specify this value to deliver advertising on a login message page (post-login page).
sms_receipt: Specify this value to deliver advertising on an SMS receipt.
container
The name of the HTML element tag in which advertisements will be placed. The nwa_adspace Smarty Template tag is for advanced users. You need to understand HTML and Smarty Templates in order to use it correctly.
All advertising spaces that have been created are included in this list. You can click a space's row in the list for additional options.
Table 102: Advertising Spaces List
Field: Description
Edit: Edit any of the space's properties. See "Creating and Editing Advertising Spaces" on page 398.
Delete: Deletes a custom space. You will be asked to confirm the deletion. Not available for built-in spaces.
Enable: Enable the space so advertising will be displayed in it.
Creating and Editing Advertising Spaces
Spaces define the areas of a page that can display advertising content. Spaces use simple rules to select advertisements with the appropriate size, number, and format of materials. The space determines what types of materials can be shown (images, text ads, SMS ads) and, in the case of images, any constraints on the size of the ad.
Table 103: General Properties, Edit Space
| Field | Description |
| Name | (Required) Name that clearly identifies this space. For a built-in space, this cannot be edited. |
| Enabled | If selected, allows advertising to be shown in this space. If this check box is not selected, the space will not show any advertisements. Before advertising will be delivered in an enabled space on a specific page, the page's settings also need to allow advertising in the space. |
| Rank | (Required) Applies a relative rank to the space. |
For more information, see "The nwa_adspace Smarty Template Tag" on page 393. In the Geometry area of the form, set the options that control the width and height of the space. Some devices, such as desktop computers and laptops, have a large screen. Other devices, such as smart phones, have a small screen. Although it is possible to deliver large advertisements to small screens, it does not provide the best user experience.
Table 104: Geometry Options, Edit Space
| Field | Description |
| Screen Types | Limits the types of screen that will show this space. This setting only applies to Web advertising. Options include: • All Screens — show on both small and large screens—Ignores the detected screen type. • Small Screens — show on small screens only (phones; mobile devices)—This space will only be shown if the user's device is detected to be a small-screen device. |
• Two rows with heights 60 and 40
• Two rows with heights 50 and 50
• One row of height 80
• One row of height 100

"Maximum Width" Example
If a maximum width was specified, the system will only output as many columns as will fit within the maximum width constraint for the space.
• If you are creating a new space, click Create to create the new space and return to the Advertising Spaces list, or click Create and Reload to create the new space and reload the Edit Space form.
• If you are editing an existing space, click Save to save your changes and return to the Advertising Spaces list, or click Save and Reload to save your changes and reload the Edit Space form.

Advertising Campaigns
An advertising campaign is the strategy by which you organize the presentation of your ads.
Creating and Editing Advertising Campaigns
An advertising campaign is the strategy by which you organize the presentation of your ads. It defines which promotions and materials to deliver, and at which stages they should be delivered. You can rank and weight a campaign to balance it against other campaigns. A campaign can also be configured for presentation between a specified start date and end date.
Table 107: General Properties, Edit Campaign
| Field | Description |
| Name | (Required) Name that clearly identifies this campaign. |
| Enabled | If selected, allows promotions from this campaign to be delivered. If this check box is not selected, no ads will be provided from this campaign. Before advertising will be delivered from a campaign to a specific page, the page's settings also need to allow advertising from the campaign. |
| Start Date | (Optional) Date and time on which this campaign will begin. |
In the Web Promotions Delivery area of the form, set the options that define when the campaign's Web promotions are delivered. Use the SMS Promotions Delivery area to set when the campaign's SMS promotions are delivered. The drop-down lists in the Web Promotions area also allow you to select a material instead of a promotion. This usage is rare, though, as it would display only a single static item.
• Weight—When multiple campaigns of equal rank are used, the weight determines how often each campaign's ads should be displayed relative to ads from the other campaigns.

Suppose you have multiple advertising campaigns that are defined to provide ads at the same time and stage. You can modify the rank to ensure that ads are displayed from the campaigns in the order you want. You can modify the weight to ensure that, on average, more ads are displayed from campaigns with higher weight.
Table 109: Advertising Promotions List
| Field | Description |
| Edit | Edit any of the promotion's properties. See "Creating and Editing Advertising Promotions" on page 408. |
| Delete | Delete the promotion from the system. You will be asked to confirm the deletion. |
| Enable | Enable the promotion so it will provide advertisements. |
| Disable | Disable the promotion. To make the promotion active again, click the Enable link. |
| Copy | Make a copy of the promotion's settings to use as a basis for a new promotion. |
In the General Properties area of the form, set the basic properties for the promotion:

Table 110: General Properties, Edit Promotion
| Field | Description |
| Name | (Required) Name that clearly identifies this promotion. |
| Enabled | If selected, allows this promotion to deliver ads. If this check box is not selected, no ads will be provided by this promotion. |
| Start Date | (Optional) Date and time when the promotion can start providing ads. |
| Field | Description |
| Description | Optional comments or notes about this promotional material. |
| Labels | To apply labels to this promotion, enter the labels in this field. To create new labels, enter the new label names separated by commas or new lines. The system creates each new label as a "tag". If some labels were already created, clicking in this field displays a list of the existing label tags to choose from. If you include labels here, other promotions will detect this promotion as labeled content. |
| Field | Description |
| Inclusion Mode | (Labeled content) How the list of inclusive labels is matched to the available content. Options include: • All of the "inclusive labels" must match • At least one of the "inclusive labels" must match |
| Inclusive Labels | (Labeled content) Enter inclusive labels, separated by commas or new lines. Content must match these labels to be included in the promotion. |
Table 112: Intelligence Options, Edit Promotion
| Field | Description |
| Enabled | If selected, allows a more selective delivery by matching user labels to material labels. (Material also inherits labels from the promotions that include it.) |
| Requirement Levels | How often the specified labels should be matched. These settings override the Default Level in the next field. Use the controls to select label groups and a requirement level for each one. |
Advertising Materials
A material is the individual advertisement you deliver — the ad the user sees. To create and work with advertising materials, go to Configuration > Advertising > Materials. The Advertising Materials list view opens. All advertising materials that have been created are included in this list. You can click a material's row in the list for additional options.

Table 113: Advertising Materials List
| Field | Description |
| Edit | Edit any of the material's properties. |
To edit settings for an advertising material, go to Configuration > Advertising > Materials, then click the Edit link for a material. The Edit Promotional Material form opens. In the General Properties area of the form, set the basic properties for the material:

Table 114: General Properties, Edit Promotional Material
| Field | Description |
| Name | (Required) Name for this material. |
| Enabled | If selected, allows this material to be delivered. |
| Start Date | Date and time on which this campaign will begin. |
Depending on the selection in the Type field, the next area of the form will be either SMS Content or Web Content. In this area, set the options that control either the content of the SMS text messages promotion, or the content and formatting of the Web promotion.

Table 115: SMS Content or Web Content, Edit Material
| Field | Description |
| Text | (SMS content) Enter the message text. To keep messages short, use 80 characters or fewer. |
| Field | Description |
| Title | (Image advertisement; Text advertisement) Specify alternative text for the image. For a text advertisement, the title is shown as the first line of the ad; if a hyperlink is also specified, the title is clickable. |
| Preview | (Image advertisement) Preview of the selected advertisement. The preview is updated as you modify the properties of the advertisement. |
| Body | (Text advertisement) Content for the text advertisement. |
Chapter 7
Hotspot Manager

The Hotspot Manager controls self-provisioned guest or visitor accounts. This is where the customer is able to create his or her own guest account on your network for access to the Internet. This can save you time and resources when dealing with individual accounts.

Accessing Hotspot Manager
To access Dell Networking W-ClearPass Guest’s hotspot management features, go to Configuration > Hotspot Manager.
About Hotspot Management
The following diagram shows how the process of customer self provisioning works.
Figure 76 Guest self-provisioning
• Your customer associates to a local access point and is redirected by a captive portal to the login page.
• Existing customers may log in with their Hotspot username and password to start browsing.
• New customers click the Hotspot Sign-up link.
• On page 1, the customer selects one of the Hotspot plans you have created.
The Enable guest access self-provisioning check box must be selected for self-provisioning to be available. The Require HTTPS field, when enabled, redirects guests to an HTTPS connection for greater security. The Service Not Available Message allows an HTML message to be displayed to visitors if self-provisioning has been disabled. See "Smarty Template Syntax" on page 570 in the Reference chapter for details about the template syntax you may use to format this message.
Captive Portal Integration
To start the visitor self-provisioning process, new visitor registration is performed by redirecting the visitor to the URL specified on the Hotspot Preferences page; for example: https://guest.example.com/hotspot_plan.php. The Hotspot Sign-Up page opens to the first page of the wizard, Choose Plan. The hotspot_plan.php page accepts two parameters:
• The source parameter is the IP address of the customer.
Managing Hotspot Plans
Your Hotspot plans determine how a customer is to pay for Internet access when connected through Dell Networking W-ClearPass Guest. You also have the option to allow free access. To view the list of hotspot plans your visitors can select and to access plan management, go to Configuration > Hotspot Manager > Start Here and click the Manage Hotspot Plans link. The Manage Hotspot Plans page opens, showing the list of default plans.
Figure 77 Edit Hotspot Plan, Plan Details
2. In the Plan Details area, enter a name for the plan and descriptions to display in the UI and the customer invoice.
3. To enable the plan, leave the Enabled check box marked. To disable the plan, unmark this check box. Disabled plans are not displayed to customers.
Figure 78 Edit Hotspot Plan, User Account Details
4. In the User Account Details area, you can specify the usage of numbers, letters, and symbols in the generated username and password.
Figure 79 Edit Hotspot Plan, Time and Cost Details
5. Complete the rest of the fields appropriately for your organization’s needs, then click Create Plan or Edit Plan. The Manage Hotspot Plans list opens with the new plan displayed.

Managing Transaction Processors
Your hotspot plan must also identify the transaction processing gateway used to process credit card payments.
2. In the Name field, enter a name for the transaction processor.
3. In the Processing Gateway drop-down list, select the gateway with which you have a service account. The form expands to include additional configuration fields for that gateway type. Each transaction processing gateway type requires unique merchant identification, password, and configuration information.
Table 116: Transaction Processor Configuration (Continued)
| Field | Description |
| Item Code | The item code for the Wi-Fi service. |
| Logging | Select this check box to have details logged. Advised for debug only. |
| Merchant ID | The merchant ID to use for this transaction processor when starting a transaction. |
| Mode | Select this check box to enable transaction processing in the production environment. |
| Name Match | Specifies how much of the last name must be matched. |
Table 116: Transaction Processor Configuration (Continued)
| Field | Description |
| Transaction Key | The SOAP transaction key. |
| Transaction Password | This transaction processor’s API transaction password. |
| Transactions Timeout | Timeout, in seconds, of the transaction request. |

If your transaction processor requires visitors to enter their address, W-ClearPass Guest will automatically include address fields in the guest self-registration forms that use that transaction processor.
customize the title shown on the invoice and how the invoice number is created. You can also customize the currency displayed on the invoice.
To customize the hotspot invoice:
1. Go to Configuration > Hotspot Manager > Start Here and then click the Manage Hotspot Invoice link. The Manage Hotspot Invoice form opens.
2. The Invoice Title must be written in HTML. See "Basic HTML Syntax" on page 567 for details about basic HTML syntax.
3. Complete the rest of the fields appropriately.
Customizing the User Interface
Each aspect of the user interface your hotspot customers see can be customized.

Customizing Visitor Sign-Up Page One
Page one of the guest self-provisioning process asks the guest to select a plan. An example of the default “Choose Plan” page is shown below.
Customizing Visitor Sign-Up Page Two
Page two of the guest self-provisioning process asks the guest to provide their personal details and payment method. The example below shows the default “Your Details” page if the customer chooses to pay for the Hourly Access plan. Although it is not shown in this illustration, the default page also includes footer text providing information about privacy policies and security pertaining to the data collected by this page.
The example below shows the default “Your Details” page for a customer who chooses the Free Access plan. To customize how the “Your Details” page is displayed to the guest, go to Configuration > Hotspot Manager > Start Here, click the Manage Hotspot Sign-Up link, and then click the Customize page 2 (Customer Details) link in the upper-right corner. The Edit Hotspot User Details Page form opens.
See "Smarty Template Syntax" on page 570 for details about the template syntax you may use to format the content on this page.
Customizing Visitor Sign-Up Page Three
Page three of the guest self-provisioning process provides the customer an invoice containing confirmation of their transaction and the details of their newly created wireless account. An example of the default “Your Receipt” page is shown below.
See "Smarty Template Syntax" on page 570 for details about the template syntax you may use to format the content on this page.

Viewing the Hotspot User Interface
The Hotspot Manager allows you to view and test Hotspot self-provisioning pages, as well as log in to and view the Hotspot self-service portal that allows customers to view their current account expiration date, purchase time extensions, log out of the Hotspot, or change their user password.
Chapter 8
Administration

The Administration module provides tools used by a network administrator to perform both the initial configuration and ongoing maintenance of Dell Networking W-ClearPass Guest.

Accessing Administration
To access Dell Networking W-ClearPass Guest’s administration features, click the Administration link in the left navigation.
Figure 80 The Administration Module’s Left Navigation
AirGroup Services
This section describes creating and managing AirGroup controllers and configuring the AirGroup plugin, and provides links to other AirGroup steps performed in Dell Networking W-ClearPass Guest. For an overview of AirGroup functionality, see "AirGroup Deployment Process" on page 28. For complete AirGroup deployment information, refer to the AirGroup sections in the Dell Networking W-Series ArubaOS User Guide and the W-ClearPass Policy Manager documentation.
Table 117: AirGroup List Options
| Field | Description |
| Show Details | View details for the AirGroup controller: Name, hostname or IP address and port number, configuration status, last polling time, currently defined roles and AP groups, and AP database details. See "AirGroup Controller Details" on page 437. |
| Edit | Edit the AirGroup controller's attributes. The Edit AirGroup Controller form opens. For more information, see "Creating and Editing AirGroup Controllers" on page 438. |
Creating and Editing AirGroup Controllers
When you create a new AirGroup controller or edit an existing one, you may configure its name, description, notification status, its network connection and authentication settings, and SSH (Secure Shell) details for remote access.
To create a new AirGroup controller or edit an existing controller:
1. Go to Administration > AirGroup Services > Controllers, then either click Create AirGroup controller at the top of the form, or click a controller's Edit link.
| Field | Description |
| | from associated MAC addresses and the events are logged. |
| Hostname | Hostname or IP address of the controller. |
| RFC 3576 Port | UDP port number for receiving CoA notifications. The default in W-ClearPass Guest is 5999. |
| Shared secret | Shared secret for AirGroup dynamic notifications. |
| SSH Username | SSH username for accessing the controller. |
| SSH Password | SSH password for accessing the controller. The minimum password length is six characters. |
Table 119: Configure AirGroup Services
| Field | Description |
| Exclusions | Role names, AP group names, or AP names that should not be displayed in the AirGroup user interface. Enter each item on a separate line. Entries are not case-sensitive. To add a comment, enter it on a separate line that begins with the "#" character. |
| Polling | If selected, schedules automatic polling of AirGroup controller configuration. The form expands to include scheduling options. |
| Field | Description |
| Timeout | Number of seconds after which an attempt to send an AirGroup message will time out. |
| Attempts | Maximum number of times the system should attempt to send an AirGroup message. |
Table 120: AirGroup Diagnostics
| Field | Description |
| Show information about a device | Enter the device's MAC address. Information shown includes: • Device information (as entered on Guest > Create Device) • Controller IP address and AirGroup protocol version • Hostname of associated server, management IP address, and role • Times of AirGroup authorization requests along with controller IPs and enforcement profiles |
| Show information about a controller | Enter the controller's IP address or hostname. |
operator’s provisioned devices. The operator can also define a group of other users who are allowed to share the operator’s devices. The AirGroup Operator profile is automatically created in W-ClearPass Guest when the AirGroup Services plugin is installed. This profile is used to define the AirGroup Operator role. To create an AirGroup Operator, see "Creating a New Operator" on page 553.
3. Search results are returned to the portal user, who can then select one of the matching items, or continue typing to further narrow the search.

Configuration Summary
To configure LDAP user search for AirGroup, you will:
1. Create a W-ClearPass Guest LDAP server
2. Enable user search for this server
3. Configure the user interface for the airgroup_shared_user field
4. Specify user search options for the user interface
Each of these steps is described in the following sections.
Table 121: Edit Authentication Server, Basic Properties Field Description Name Enter a name for the LDAP server. Server URL Provide the LDAP URL of the server. This would typically be in the form: ldap://ldap-serverhostname.example.com/ Bind DN Bind Password Enabled If your directory server requires authentication, provide suitable credentials. A typical base DN for Microsoft Active Directory might be DC=example,DC=com.
Table 122: Edit Authentication Server, User Search
| Field | Description |
| Enabled | Mark the Use this server to search for matching users checkbox. The form expands to include additional options. |
| Filter | (Required) Select one of the following options: • Use the default LDAP filter—Uses an LDAP filter suitable for an Active Directory search operation. |
Configuring the AirGroup Shared User Field
The AirGroup row of the Edit Authentication Server form is the starting point to enable the server for user search in AirGroup. This row provides a brief description of the process and a link to the airgroup_shared_user field's configuration form. The airgroup_shared_user field stores a list of usernames with whom an AirGroup device should be shared. To enable user search, this field must be updated with new configuration options.
In the Advanced Properties area of the form, you will customize the user interface for single and multiple-selection capabilities.

Table 124: Advanced Properties, Relevant Fields
| Field | Description |
| Advanced | Select the Show advanced properties check box. Additional configuration options are added to the form. |
| Select2 Options | Used to customize the user interface for the “select2” control, which provides both single and multiple-selection capabilities. Default values are preconfigured for these fields. |
| Option | Description |
| | value should be increased. |
| _advancedRender = 1 | Specifies that the list of matching items should be rendered in a way which includes an icon, text and description. If this parameter is not specified, only text is displayed in the matching items. |
| resultsCss.max-height = 400px | Specifies that the list of matching items should be up to 400 pixels in height. Additional CSS properties may be specified using the “resultsCss” value, if required. |
ajax.
Select2 Hook Details
The Select2 Hook field may be used to attach certain dynamic behaviors to the “select2” control. This field must contain the definition of a JavaScript function that takes a single argument. The argument to this function specifies certain behavioral properties of the control. The function should return the argument, updated as necessary to specify the behavior that you want.
For example, in a university setting, MACTrac provides a simple way for students to register their various devices on the network:
• The student is authenticated and can register as many devices as they wish.
• MACTrac automatically detects each device's OS type, letting the network administrator easily build an inventory of the devices on the network and architect an appropriate network policy.
4. The new operator is enabled by default. If the operator is not to be activated until a later time, you may unmark the check box in the Enable User field.
5. In the Role drop-down list, select MACTrac Operator.
6. You may use the Attribute drop-down lists to include additional information such as Phone, Email, Sponsor, Title, Department, or Designation and provide values for these attributes.
7. Click Add. The new MACTrac operator is added to the Local Users list view.
• To print a copy of the device account's details, click its Print link. The Account Details form opens and includes print options.
• To disable or delete a device account, click its Remove link. A confirmation dialog opens. You may specify either Disable or Delete, then click Make Changes. To enable a disabled account, click its Activate link.

Registering MACTrac Devices
The Register Device form is used by MACTrac operators to create their device accounts on their local network.
2. The MAC Address field is required, and should be prepopulated for the user. This is enabled in the Mobility Controller. For more information, see "Automatically Supplying the MACTrac Device Address" on page 455.
3. (Optional) Enter a name for the device in the Device Name field.
4. (Optional) The Device Type field is prepopulated if detected, and indicates whether it is a computer, printer, or other type of device.
5.
Automatically Supplying the MACTrac Device Address
To ensure that the MAC address, device type, and browser vendor/version are prepopulated on the MACTrac Register Device form, verify that these options are set in the Mobility Controller.
To set MACTrac prepopulating options:
1. Log in to the Mobility Controller.
2. In the Configuration tab, go to Security > Authentication in the left menu.
3. Click the L3 Authentication tab, then choose Captive Portal Authentication Profile > cpg-qacaptiveportal.
4.
API Clients
You can create and manage multiple API clients. You may configure each API client's operator profile, grant type, refresh token, and other information. The API Framework plugin provides API services. To configure the plugin, see "Configuring the API Framework Plugin" on page 531. To work with API clients, go to Administration > API Services > API Clients. The API Clients list view opens.
Figure 82 The API Clients List View
All API clients that have been created are included in the list.
Figure 83 Generate Access Token Details

Creating and Editing API Clients
To create or edit an API client, go to Administration > API Services > API Clients and either click the Edit link for an API client in the list, or click the Create API client link in the upper-right corner. The Edit API Client or Create API Client form opens. The procedure is the same for both forms.
Table 129: Create API Client
| Field | Description |
| Client ID | (Required) Name for the API client. Enter a unique string. (Use this value in the OAuth2 client_id parameter.) |
| Description | Additional information or comments about the API client. |
| Enabled | If selected, enables the API client. |
| Operator Profile | (Required) Specifies the role that can access this API client, and determines which API objects and methods are available. |
API Explorer
The API Explorer provides access to various APIs used for configurations in Guest and Onboard. To see the APIs, go to Administration > API Services > API Clients and click the API Explorer link. The API Explorer opens.
2. In the Privileges field, select Custom in the API Services drop-down list. The field expands to show the API privileges. Privileges included here are:
• Allow API Access
• Configure SOAP Web Services
• List SOAP Web Services
• Manage API Clients
• SOAP API
• XMLRPC API
3. For the Allow API Access privilege, select the Allow Access radio button.
4. For each of the remaining privileges in the list, select the appropriate access level.
OAuth 2.0 is a simple and secure authorization framework. It allows applications to acquire an access token for W-ClearPass through a variety of workflows supported within the OAuth2 specification. After an application has an access token, it can access the various APIs serviced by W-ClearPass either to configure the platform itself or act on behalf of a W-ClearPass Operator.
Client ID and Secret
After you register your app, you will receive a client ID and a client secret. The client ID is considered public information, and is used to build login URLs, or is included in JavaScript source code on a page. The client secret must be kept confidential. If a deployed app such as JavaScript or native apps cannot keep the secret confidential, then the secret is not used.

Redirect URI
During registration of the new OAuth app, often a redirect URI must be included.
The following diagram shows the transaction flow of the password grant type.
1. The user enters credentials directly into the app’s native user interface. The app should not cache user credentials under any circumstances.
2. The app submits the user credentials to the authorization server. Credentials include grant_type=password, user, password, client_id, and client_secret. The client_secret is not required if the OAuth2 app is defined as a public client.
3.
1. The first-party app submits an access token request to the authorization server. This includes grant_type=client_credentials, client_id, and client_secret.
2. The resource server returns the access token to use in subsequent API calls. This includes access_token, expiry time, and token_type=bearer.
3. The app includes the access token in the HTTP Authorization header. This includes Bearer access_token.
4. The resource server returns authenticated API payload.
Viewing Available Web Services
To view the Web services available in Dell Networking W-ClearPass Guest:
1. Go to Administration > Web Services > List Web Services. The Available Web Services list view opens.
2. To view details for a service, click its image in the Web Service field. The row expands to include the Service URL and Service Info fields for that Web service.
3. The Service Info field briefly describes the processes this Web service provides. In the Service URL field, you can click the link to view the Web Service Description Language (WSDL) that defines that service. The WSDL opens in a new tab.
4. When you have finished reviewing the available Web services, click Done.

SOAP API Introduction
The SOAP interface is available to third-party applications that will integrate with the W-ClearPass Guest Visitor Management Appliance.
guide to developing your own understanding of the network design topics covered, and as a basis for further investigation.

About the SOAP API
The W-ClearPass Guest SOAP API provides direct access to the underlying functionality of Dell Networking W-ClearPass Guest. Developers wishing to provide integrated applications can make use of this API to programmatically perform actions that would otherwise require manual operation of the user interface.
Page privileges are applied to SOAP authenticated sessions in the same way as the HTML user interface. However, SOAP access also requires the SOAP API privilege to be granted. Refer to "Using the SOAP API" on page 469 for details on creating an operator profile with suitable privileges for SOAP API access.

HTTP headers
When making a SOAP API request, the SOAPAction HTTP header is required. The value of this header indicates the type of request being made.
Certain conditions might also cause errors that are not reported as a fault. These cases are typically caused by errors in constructing the SOAP request. In these cases, a non-XML result may be returned; check the body of the result, or the application log for details about the cause of the error.

Using the SOAP API
This section describes how to access, configure, and debug Web Services, create a SOAP API operator, and access the WSDL.
at a minimum that the SOAP API privilege is granted, as well as any additional privileges required for the operation requested. While the default administrative account will automatically gain SOAP API privileges, for security reasons it is strongly recommended that a specific operator profile be created for use by SOAP API clients. To create a suitable operator profile, go to Administration > Operator Logins > Profiles, then click the Create a new operator profile link.
Accessing the WSDL
Use the List Web Services command link to browse the available Web services and obtain additional details about each one. In the Web Service field, click the icon for GuestManager Web Services to view the Service URL and additional information about the service. If the "Allow anonymous access to WSDL" option is specified in the SOAP Web Services configuration, accessing the WSDL through the specified Service URL does not require logging in to the W-ClearPass Guest user interface.
Add Service Reference
In the Solution Explorer, right-click the References folder, and click Add Service Reference. The Add Service Reference dialog box appears. Enter the Service URL for the GuestManager Web Services into the Address box, and click the Go button. The WSDL is downloaded, and a list of the Web services and operations found is displayed.
In the Namespace text field, type in a name. This name is used to organize the automatically generated code that interfaces with the Web service. Click the OK button to create the Web service reference. To browse the created classes, double-click the GuestManager service reference. The Object Browser will be displayed with the selected namespace highlighted.
The updated app.config file is shown below, with the appropriate changes highlighted. Performing an API Call This section outlines the C# code required to use the Web service. First, add a using declaration for the namespace containing the Web services: using SoapGuestManager.GuestManager; The following code can now be added to invoke the Ping operation and display the result.
When invoked, this performs the Ping operation and displays the following output:
Securing Web Services Using HTTPS Because HTTP Basic authentication is insecure (credentials are only Base64-encoded, not encrypted), it is strongly recommended that the HTTPS transport be used for all SOAP API calls. To use HTTPS as the transport for SOAP API requests, the following changes should be made to the application configuration file:
• The mode attribute of the tag must be changed to “Transport”.
Additionally, if a self-signed certificate is being used on the remote server, you will need to provide a suitable ServerCertificateValidationCallback implementation to validate the peer’s certificate. The following code is a minimal implementation that accepts all server certificates without verification, so it does not authenticate the server and gives no protection against interception of the connection: // Trust self-signed certificates System.Net.ServicePointManager.
Table 131: XML Namespaces
| Component | XML Namespace |
|---|---|
| SOAP Envelope | http://schemas.xmlsoap.org/wsdl/soap/ |
| SOAP Encoding | http://schemas.xmlsoap.org/soap/encoding/ |
| WSDL | http://schemas.xmlsoap.org/wsdl/ |
| XML Schema | http://www.w3.org/2001/XMLSchema |
SOAP Addressing
Web Service Endpoint The endpoint of the SOAP service is located at the relative URL: soap_guestmanager.php.
• Example:
IdType Specifies a user ID. The user ID is a positive integer value, starting at 1.
• Example:
ResultType Operations return a standard result type. The flag indicates if the operation completed successfully. If the operation failed, the contains a description of the error.
• Example of a successful operation:
• Example of a successful operation with message:
• Example of an unsuccessful operation:
UserResultType Standard result type, with an optional element.
• Example of an unsuccessful operation:
UserType The User type defines a visitor account, which consists of a number of fields. The fields available may be customized in Guest Manager. Go to Guest Manager > Configuration > Fields to create new fields or modify existing fields. Adding or removing fields will update the UserType schema in the WSDL for GuestManager Web Services. Ensure that you update any clients using this WSDL if the fields are modified.
Creates a new user account.
• The standard business logic for visitor account creation applies to visitor accounts created with the SOAP API. For details, refer to the section “Business logic for account creation” in the W-ClearPass Guest User Guide, or search for this term in the online help.
• The creator_accept_terms field must be set to the Boolean value “true” in order to create an account.
• A value for the role_id field must be specified to create a visitor account.
Example request for CreateUser:
Successful response:
Failure response:
DeleteUser Deletes a user account by ID or matching fields.
• This operation deletes a single visitor account that matches all of the field values specified in the user parameter.
• Exactly one account must match; if more than one match is found, or if no match is found, an error will be returned and no visitor accounts will be deleted.
Example code implementing visitor account deletion:
Example request for DeleteUser:
Successful response:
Failure response:
EditUser Modifies properties of a user account by ID.
• This operation modifies the properties of a visitor account to match the field values specified in the user parameter.
• The id field must be specified to indicate the ID of the visitor account to modify. This field is assigned by the system when the visitor account is created and cannot be changed.
Example code implementing visitor account modification:
Example request for EditUser:
Successful response:
Failure response:
FindUser Returns properties of a user account by matching fields.
• This operation locates a single visitor account that matches all of the field values specified in the user parameter.
• Exactly one account must match; if more than one match is found, or if no match is found, an error will be returned.
• If a visitor account was found, its properties will be returned in the element of the result.
Example code implementing search for a visitor account based on a username.
Example request for FindUser:
Successful response:
Failure response:
GetUser Returns properties of a user account by ID.
• Returns a element corresponding to the visitor account with the specified ID.
• If the specified ID is invalid, no element is returned and the flag is set to 1.
Example code implementing a guest lookup operation:
Example request for GetUser:
Successful response:
Failure response -- for example, user ID not found:
Ping Checks that the SOAP server is alive.
• Returns a standard result type with the message set to "pong".
Example code implementing a Ping test operation.
Example request for Ping:
Successful response:
The XML-RPC Interface and API This section describes the XML-RPC interface available to third-party applications that will integrate with the Dell Networking W-ClearPass Guest Visitor Management Appliance.
Audience:
• Developers of integrated applications. Some familiarity with HTTP-based web services and XML-RPC is assumed.
• System administrators of the W-ClearPass Guest application.
System Requirements:
• W-ClearPass Guest 6.1.
At the lowest level, the kernel provides basic functions common to the entire system. This includes the Web interface framework, appliance operating system, and runtime support services. The network layer provides critical networking support, including the RADIUS server and the ability for network administrators to manage and control the networking aspects of the VMA. The services layer provides one or more implementations of application services that are used by the layers above.
Parameter Names The parameter names passed to the XML-RPC interface are the same as the field names in the HTML user interface. Parameter Validation Each field of the forms in the HTML user interface is subject to validation according to the rules defined for that field. The same rules also apply to XML-RPC parameters. If a required field is missing, or an invalid value for a field is supplied, an error is generated by the presentation layer and returned to the XML-RPC client.
Table 133: XML-RPC Faults
| Name | Type | Description |
|---|---|---|
| error | Flag | Set to 1 for an XML-RPC Fault |
| faultCode | Integer | Status code indicating the cause of the fault |
| faultString | String | Description of the fault |
This type of return might appear as:
'error' => 1,
'faultCode' => 401,
'faultString' => 'Invalid username or password',
These are the predefined XML-RPC Fault codes:
Table 134: XML-RPC Faults
| Code | Description |
|---|---|
| 401 | Authentication problem -- invalid username or password |
404 File implementation of XM
7. Click Save Changes. The profile is added to the Operator Profiles list. Creating the Role After you create the profile, the next step is to create the role: 1. In W-ClearPass Policy Manager, go to Configuration > Identity > Roles and click the Add User link. The Add New Role form opens. 2. Enter a name and description that clearly identify the role.
3. Click Save. The role is added to the Roles list. Creating the Local User After you create the role, you create the local user: 1. In W-ClearPass Policy Manager, go to Configuration > Identity > Local Users and click Add User. The Add Local User form opens. 2. In the Role drop-down list, choose the XML-RPC Operator role you created. 3. Complete the rest of the fields appropriately, then click Add. The new XML-RPC operator is added to the Local Users list.
2. In the Name field, enter a descriptive name for the translation rule. In the example shown above, the translation rule is to check that the operator is an XML-RPC user, hence the name MatchXML-RPC. 3. Mark the Enabled check box to enable this rule after you create it. If you do not select this check box, the rule you create will appear in the rules list, but will not be active until you enable it. 4. In the Matching Rule drop-down list, select equals. 5.
SSL Security Different levels of certificate validation checks may be necessary, depending on the SSL certificate that has been installed. This corresponds to the user interface provided by Web browsers for certificate trust and verification. The examples presented in this document assume a self-signed certificate has been installed, and reduce the level of SSL verification accordingly.
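A client does not have to switch verification off to work with a self-signed certificate: it can accept exactly one certificate, identified by its SHA-256 fingerprint. The sketch below is an added example for the XML-RPC interface (not code from this guide or from the vendor), and the same exact-match check applies to the ServerCertificateValidationCallback described for the SOAP API; the class and function names, the example host and the placeholder URL path are assumptions.

```python
import hashlib
import hmac
import http.client
import ssl
import xmlrpc.client


def normalize_pin(pin):
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def pin_matches(der_cert, pin):
    """Compare the certificate's SHA-256 digest with the pin in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_pin(pin))


class PinnedHTTPSConnection(http.client.HTTPSConnection):
    """HTTPS connection that accepts exactly one server certificate."""

    def __init__(self, host, pin, **kwargs):
        # CA-chain validation cannot succeed for a self-signed certificate,
        # so it is replaced by the exact-match check in connect().
        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        context.check_hostname = False      # must be cleared before CERT_NONE
        context.verify_mode = ssl.CERT_NONE
        super().__init__(host, context=context, **kwargs)
        self._pin = normalize_pin(pin)

    def connect(self):
        # The TLS handshake completes here; no request (and therefore no
        # operator credentials) has been sent yet when the pin is checked.
        super().connect()
        der_cert = self.sock.getpeercert(binary_form=True)
        if not der_cert or not pin_matches(der_cert, self._pin):
            self.close()
            raise ssl.SSLError("server certificate does not match the pinned fingerprint")


class PinnedTransport(xmlrpc.client.SafeTransport):
    """xmlrpc.client transport that uses PinnedHTTPSConnection."""

    def __init__(self, pin):
        super().__init__()
        self._pin = normalize_pin(pin)

    def make_connection(self, host):
        # Reuse the cached connection for the same host, as the base class does.
        if self._connection and host == self._connection[0]:
            return self._connection[1]
        chost, self._extra_headers, _x509 = self.get_host_info(host)
        self._connection = host, PinnedHTTPSConnection(chost, self._pin)
        return self._connection[1]


def make_client(url, pin):
    """Build an XML-RPC proxy; url is a placeholder supplied by the caller."""
    return xmlrpc.client.ServerProxy(url, transport=PinnedTransport(pin))
```

Record the fingerprint from the appliance's certificate through a trusted channel, and update the pin whenever the certificate is replaced.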
• "Method amigopod.mac.create"
• "Method amigopod.mac.edit"
• "Method amigopod.mac.list"
Method amigopod.guest.change.expiration Change the expiration time of a guest account.
'error' => 1,
Method amigopod.guest.create Create a new guest account.
Parameters
| Name | Type | Description |
|---|---|---|
| sponsor_name | String | Name of the person sponsoring the guest account. |
| visitor_name | String | Name of the visitor. |
| visitor_company | String | Company name of the visitor. |
| email | String | The visitor's email address. This will become their username to log in to the network. |
| expire_after | Numeric | Amount of time before the account will expire. Specified in hours. |
Example Usage Sample parameters for the call: 'sponsor_name' => 'Sponsor Name', 'visitor_name' => 'Visitor Name', 'visitor_company' => 'Visitor Company', 'email' => 'demo@example.com', 'expire_after' => 4, 'expire_time' => '', 'role_id' => 2, 'visitor_phone' => '0', 'creator_accept_terms' => 1, Result returned by a successful operation: 'username' => 'demo@example.
| Name | Type | Description |
|---|---|---|
| uid | Integer | ID of the guest account to delete |
| delete_account | Flag | Set to 0 to disable the guest account, 1 to delete the guest account |
Return Values This function might return a Boolean false value if some input parameters are invalid.
Method amigopod.guest.edit Change one or more properties of a guest account.
Return Values
| Name | Type | Description |
|---|---|---|
| error | Flag | Set to 1 if the guest account was not modified |
| message | String | Message describing the success or failure of the operation |
| item | Struct | User structure containing updated field values |
| uid | Integer | ID of the guest account |
| *_error | String | Field-specific error message |
| *_error_flag | Flag | Field-specific error flag, set to 1 if present |
Access Control Requires the full_user_control privilege (Guest Manager > Full User Control in the Operator Profile Edit
'password_value' => '', 'schedule_time' => '', 'expire_time' => '', 'user_enabled' => '', 'username_error' => 'You cannot leave this field blank.
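The return shapes documented above (the fault structure of Table 133, a Boolean false for invalid input, and the field-specific *_error / *_error_flag keys) can be folded into one client-side check, so that an authentication fault is never mistaken for an ordinary failed edit. This is an added example, not the appliance's or the guide's own code; the sample values are constructed from the fragments shown on this page, and looking for *_error keys both at the top level and inside item is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CallOutcome:
    ok: bool
    kind: str  # "ok", "fault", "invalid_input", "field_errors" or "failed"
    message: str = ""
    fault_code: Optional[int] = None
    field_errors: dict = field(default_factory=dict)

    @property
    def is_auth_failure(self):
        # Table 134: 401 = authentication problem (invalid username or password)
        return self.kind == "fault" and self.fault_code == 401


def _flag(value):
    """Flags appear as 1/0 or '1'/'0' in the samples; treat both alike."""
    return str(value).strip() not in ("", "0", "False", "None")


def _collect_field_errors(struct):
    """Map field name -> message for every <field>_error / <field>_error_flag."""
    errors = {}
    for key, value in struct.items():
        if key.endswith("_error") and value:
            errors[key[: -len("_error")]] = str(value)
    for key, value in struct.items():
        if key.endswith("_error_flag") and _flag(value):
            errors.setdefault(key[: -len("_error_flag")], "")
    return errors


def interpret_result(result):
    """Classify the decoded return value of an XML-RPC call."""
    # Shape 1: Boolean false when input parameters are invalid.
    if result is False:
        return CallOutcome(False, "invalid_input", "input parameters were rejected")
    if not isinstance(result, dict):
        return CallOutcome(True, "ok")
    message = str(result.get("message", ""))
    # Shape 2: fault structure (error flag plus faultCode and faultString).
    if _flag(result.get("error", 0)) and "faultCode" in result:
        return CallOutcome(False, "fault", str(result.get("faultString", "")),
                           int(result["faultCode"]))
    # Shape 3: validation errors reported per field.
    errors = _collect_field_errors(result)
    item = result.get("item")
    if isinstance(item, dict):
        for name, text in _collect_field_errors(item).items():
            errors.setdefault(name, text)
    if errors:
        return CallOutcome(False, "field_errors", message, field_errors=errors)
    # Shape 4: operation-level failure with only a message.
    if _flag(result.get("error", 0)):
        return CallOutcome(False, "failed", message)
    return CallOutcome(True, "ok", message)


# Constructed samples, assembled from the fragments shown in this section.
SAMPLE_FAULT = {"error": 1, "faultCode": 401,
                "faultString": "Invalid username or password"}
SAMPLE_FIELD_ERROR = {"error": 1, "username": "", "username_error_flag": 1,
                      "username_error": "You cannot leave this field blank."}
SAMPLE_NOT_FOUND = {"error": 1, "message": "Account not found: ID 162"}
SAMPLE_SUCCESS = {"error": 0, "message": "Guest account has been re-enabled",
                  "item": {"id": 162, "enabled": 1, "username": ""}}
```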
Access Control Requires the remove_account privilege (Guest Manager > Remove Accounts in the Operator Profile Editor). Example Usage Sample parameters for the call: 'uid' => '162', Sample successful call: 'error' => 0, 'message' => 'Guest account has been re-enabled', 'item' => array ( 'id' => 162, 'enabled' => 1, 'username' => '', ), Sample failed call: 'error' => 1, 'message' => 'Account not found: ID 162', Method amigopod.guest.get List one or more guest accounts.
array ( 0 => 150, 1 => 162, ), 'users' => array ( 0 => array ( 'id' => '150', 'username' => '44454318', 'enabled' => '1', 'role_id' => '2', 'email' => '', 'notes' => 'GuestManager account 22 of 30 created by root from 192.168.2.3', 'do_expire' => '0', 'expire_time' => '', 'simultaneous_use' => '1', 'expire_postlogin' => '0', 'do_schedule' => '0', 'schedule_time' => '', 'ip_address' => '', 'netmask' => '', ), 1 => array ( 'id' => '162', 'username' => 'demo@example.
Method amigopod.guest.list List guest accounts. (To retrieve devices, see "Method amigopod.mac.list" on page 514)
Parameters
| Name | Type | Description |
|---|---|---|
| details | Flag | Optional parameter; if set to 1 then full details of all guest accounts are returned, otherwise only the IDs are returned |
| sort | String | Optional parameter. If set to 1, then sorts first by the specified column, and then by username. |
Method amigopod.guest.reset.password Reset a guest account's password to a random value.
Method amigopod.mac.create Create a new MAC device account.
Parameters
| Name | Type | Description |
|---|---|---|
| sponsor_name | String | Name of the person sponsoring the device account. |
| visitor_name | String | Name of the visitor. |
| visitor_company | String | Company name of the visitor. |
| email | String | The visitor's email address. This will become their username to log in to the network. |
| expire_after | Numeric | Amount of time before the device account will expire. Specified in hours. |
Example Usage Sample parameters for the call: 'sponsor_name' => 'Sponsor Name', 'visitor_name' => 'Visitor Name', 'visitor_company' => 'Visitor Company', 'email' => 'demo@example.com', 'expire_after' => 4, 'expire_time' => '', 'role_id' => 2, 'visitor_phone' => '0', 'creator_accept_terms' => 1, Result returned by a successful operation: 'username' => 'demo@example.
Method amigopod.mac.edit Change one or more properties of a device account.
Return Values
| Name | Type | Description |
|---|---|---|
| error | Flag | Set to 1 if the device account was not modified |
| message | String | Message describing the success or failure of the operation |
| item | Struct | User structure containing updated field values |
| uid | Integer | ID of the device account |
| *_error | String | Field-specific error message |
| *_error_flag | Flag | Field-specific error flag, set to 1 if present |
Access Control Requires the full_user_control privilege (Guest Manager > Full User Control in the Operator Profile Ed
'password_value' => '', 'schedule_time' => '', 'expire_time' => '', 'user_enabled' => '', 'username_error' => 'You cannot leave this field blank.
Return Values
| Name | Type | Description |
|---|---|---|
| ids | Array | Array of device account IDs (if details was 0). |
| users | Array | Array of device account structures (if details was 1). |
Access Control Requires the mac_list privilege (Guest Manager > List MAC Authentication Accounts in the Operator Profile Editor).
Example Usage Sample parameters: 'details' => 0, Sample successful call: 'ids' => array ( 0 => '37', 1 => '141', 2 => '40', ...
2. To configure Onboard certificate retention, click the link in the Certificate Retention row. The Certificate Authorities list in the Onboard module opens. If you wish to configure the times after which expired accounts are deleted, refer to the Dell Networking W-ClearPass Policy Manager documentation for cluster-wide parameters. Data retention of guest accounts and logs is configured in CPPM under Administration > Server Configuration > Cluster-Wide Parameters. 3.
Uploading the 3.9 Backup File To upload a Guest 3.9 configuration to W-ClearPass Guest 6.x: 1. Upgrade your 3.9 system to the latest 3.9.x monthly patch. 2. Deploy your 6.x system, and upgrade it to the latest 6.x monthly patch. 3. In your 3.9 system, make a complete configuration backup. For details on how to back up your system, refer to the "Backup and Restore" section in the "Administrator Tasks" chapter of your "ClearPass Guest 3.9 Deployment Guide." Be sure to use the Complete backup option in your 3.
This form shows every configuration item in your backup file, and provides options for restoring items or excluding them from the restoration. For more information, see the next section, "Restoring Configuration Items " on page 518. Restoring Configuration Items This section describes how to use the Import Configuration: Step 2 form to import 3.9 configuration items to your 6.2 system after you upload them. To select and restore your configuration items: 1.
• To exclude an item from the import, click the X in the item's row. The X turns red to indicate it will be excluded. You can click the X for a category to exclude all items in that category.
• To make it easier to select just a few items, you can scroll to the bottom of the list and click the Unselect All link. All items are then marked with a red X and will be excluded from the import. You can then select the green check marks for just the items you want.
The Import Notices list provides information about items that were handled during the last import. This list includes the following columns:
• Status -- The import status of the item in the same row. Possible statuses include Imported, Migrated, Obsolete, Action Required, Error, Processed, Unsupported, and Warning. These statuses are described more fully in the table below.
• Operation/Notice -- This column shows the operation performed on the item, and the name of the item.
Table 136: Configuration Import Statuses
| Status | Description |
|---|---|
| Imported | The item was successfully imported with no changes. |
| Migrated | The item was successfully imported but some aspects were modified for 6.2, as described in Show Details for the item. For example, if a field imported in a 3.9 configuration has a different name in 6. |
• "Import Information: Onboard"
• "Import Information: Operator Logins"
• "Import Information: Palo Alto Network Services"
• "Import Information: RADIUS Services"
• "Import Information: Reporting Manager Definitions"
• "Import Information: Server Configuration"
• "Import Information: SMS Services"
• "Import Information: SMTP Services"
Import Information: Advertising Services
• Advertising Service
| 3.9 Name | 6.2 Name |
|---|---|
| schedule_time | start_time |
| modify_schedule_time | modify_start_time |
| schedule_after | start_after |
Custom Forms and Views:
• Forms and views that referenced renamed fields are updated to reference the new field name.
• Forms and views that referenced obsolete fields have those fields removed from the definition.
Print Templates:
• Print templates are flagged as Action Required. Print templates might require changes where defaults have changed or fields have been renamed.
Import Information: Onboard To restore your Onboard device provisioning pages, you must import RADIUS Web logins. l The server certificate in CPPM might need to be configured before provisioned devices can connect to the network. l The QuickConnect client provisioning address might need to be verified as the correct one for the new server. Import Information: Operator Logins Operator Login Configuration l A client-side cookie check (nwa_cookiecheck) is added to the Login Message setting.
RADIUS Database Connections
• The RADIUS database connection for the local RADIUS server is obsolete.
• For any custom user databases, an authentication source must be created in CPPM.
RADIUS Database User Accounts
• User accounts are migrated and keep the status (disabled, pending, active, expired) they had in 3.9. Any field names that differ in 6.2 are updated.
• User accounts with the Deleted status are obsolete.
RADIUS Dictionary
• The RADIUS dictionary is unsupported.
Import Information: Server Configuration W-ClearPass settings are obsolete. l Data Retention l Data Retention settings for Onboard are imported. Database Configuration l Default (empty) database configuration settings are processed and ignored. Non-default database configuration settings should be reviewed for potential issues. l Installed Plugin List l For imported plugins that were not up-to-date (e.g. pre-3.
l For non-default Application URLs, changes should be reviewed. l Subscription IDs must be added to CPPM. l For non-default HTTP Proxy settings, the HTTP proxy must be configured in CPPM. System HTTP Proxy l For non-default HTTP Proxy settings, the HTTP proxy must be configured in CPPM. System Kernel Configuration l System kernel configuration is obsolete. System Log Setup l System log setup is obsolete. l If a local collector was enabled, it is unsupported.
  ◦ SMTP Server
  ◦ Subject Line
  ◦ Username
  ◦ Use Sendmail
  ◦ Use SSL encryption
Plugin Manager Plugins are the software components that fit together to make your Web application. The Available Plugins list shows all the plugins currently included in your application. It lets you view information about each plugin and configure some aspects of most plugins.
The About link displays information about the plugin, including the installation date and update date. The About page for the Kernel plugin also includes links to verify the integrity of all plugin files or perform an application check. Click a plugin’s Configuration link to view or modify its settings. See "Configuring Plugins" on page 529 for details about the configuration settings. Configuring Plugins You can configure most standard, kernel, skin, and translation plugins.
To undo any changes to the plugin’s configuration, click the plugin’s Restore default configuration link. The plugin’s configuration is restored to the factory default settings. In most cases, plugin configuration settings do not need to be modified directly. Use the customization options available elsewhere in the application to make configuration changes.
Configuring the API Framework Plugin The API Framework plugin supports OAuth2 authentication and authorization, and provides all application programming interface (API) services for W-ClearPass Guest. Settings you can configure for this plugin include the access token lifetime, authorization code lifetime, refresh token lifetime, API logging level, and security settings for Cross-Origin Resource Sharing.
Field Description Token Lifetime default value is 14 days. To change the value, enter a number in the first text field, and use the drop-down list to indicate the unit of time. Options include: l seconds l minutes l hours l days l weeks The value for this parameter may also be configured separately for each API client (see "Creating and Editing API Clients" on page 457). API Logging (Required) Specifies the logging level for API-related events.
2. The default navigation method is “Simple navigation with expanding/collapsing menus.” To change the behavior of the navigation menu, click the Navigation drop-down list and select a different expansion level for menu items. 3. The Form Layout options let you specify the position of labels relative to their fields. Options include: l Labels to the left of the input l Labels above the input 4. The HTML HEAD field lets you specify the HTML.
Configure, and click its Enable link. If you prefer to use the standard W-ClearPass skin, navigate to it in the Available Plugins list and click its Enable link. The default skin is displayed on all visitor pages, and on the login page if no other skin is specified for it. However, you can override this for a particular operator profile or an individual operator, or give the login page a different appearance than the rest of the application. You can also specify a skin for guest self-registration pages.
Configuring the Kernel Plugin The Kernel Plugin provides the basic framework for the application. Settings you can configure for this plugin include the application title, the debugging level, the base URL, the application URL, and autocomplete. 1. To change the application’s title, enter the new name in the Application Title field (for example, your company name) to display that text as the title of your Web application. Click Save Configuration. 2.
Configuring the SMS Services Plugin The SMS Services plugin configuration allows you to configure options related to SMS receipts. You may also configure SMS receipt options in the Customization module (see "Customizing SMS Receipt" on page 357). To view or configure SMS services and receipt options: 1. Go to Administration > Plugin Manager. The Available Plugins list opens. 2. Scroll to the SMS Services row and click its Configuration link. The Configure SMS Services form opens.
• SMS Receipt – Select the print template to be used when an SMS receipt is created. The print template used for the receipt must be in plain text format.
• Phone Number Field – Select which guest account field contains the guest’s mobile telephone number. This field is used to determine the SMS recipient address.
• Auto-Send Field – Select a guest account field which, if set to a non-empty string or non-zero value, will trigger an automatic SMS when the guest account is created or updated.
By default, the display language for the W-ClearPass Guest user interface is automatically detected based on the user's browser settings. To enable or disable language packs, set a default language for W-ClearPass Guest, or customize label and message text, see "About Translations" on page 377. Configuring the Web Analytics Plugin The Web Analytics plugin configuration allows you to configure a tracking code and specify which pages should include it.
2. To allow operators to make WSDL requests without being logged in, mark the check box in the WSDL Access field. 3. Use the counter in the Maximum Request Size field to set the maximum size in kilobytes that will be allowed for a SOAP request. 4. In the SOAP Debugging row, use the drop-down list to set the debugging level for SOAP service requests.
Viewing the Application Log To view events and messages generated by the application, go to Administration > Support > Application Log. The Application Log view opens. To view in-depth information about an event, click the event’s row. The form expands to show details. Click the event’s row again to close it. To view the logs for a different server when in a cluster, use the Server drop-down list above the table.
2. You can use the Times drop-down list to specify a time period to filter for.
3. The Severity drop-down list lets you limit the range of severity to search for:
• Error—Returns Error items
• Warning—Returns Error and Warning items
• Info—Returns Error, Warning, and Info items
• Debug—Returns Error, Warning, Info, and Debug items
4. By default, only the Client IP and Message fields are searched. To search all fields, mark the check box in the Options row.
5. Click Export. You are given the option to open the file, save it to your Downloads folder (the default), or save it to another location. Contacting Support To view contact information for Dell Support, go to Administration > Support > Contact Support. The Contact Support page opens. Viewing Documentation To view Dell Networking W-ClearPass Guest documentation, go to Administration > Support > Documentation. The Documentation page opens.
Chapter 9 Operator Logins An operator is a company’s staff member who is able to log in to Dell Networking W-ClearPass Guest. Different operators may have different roles that can be specified with an operator profile. These profiles might be to administer the W-ClearPass Guest network, manage guests, or run reports. Operators may be defined locally in W-ClearPass Guest, or externally in an LDAP directory server.
Two types of operator logins are supported: local operators and operators who are defined externally in your company’s directory server. Both types of operators use the same login screen. Role-Based Access Control for Multiple Operator Profiles Using the operator profile editor, the forms and views used in the application may be customized for a specific operator profile, which enables advanced behaviors to be implemented as part of the role-based access control model.
Custom Login Message If you are deploying W-ClearPass Guest in a multi-lingual environment, you can specify different login messages depending on the currently selected language. The following example from the demonstration site uses Danish (da), Spanish (es) and the default language English, as highlighted in bold: {if $current_language == 'da'}
Indtast brugernavn og password for at
få adgang til W-ClearPass Guest
Kontakt
Advanced Operator Login Options The following options are available in the Logging drop-down list:
• No logging
• Log only failed operator login attempts
• Log only Web logins
• Log only XMLRPC access
• Log all access
Log messages for operator logins, whether successful or unsuccessful, are shown in the application log.
Automatic Logout The Logout After option in the Advanced Options section lets you configure an amount of idle time after which an operator’s session will be ended.
Creating an Operator Profile On the Administration > Operator Logins > Operator Profiles page, click the Create a new operator profile link to create a new operator profile. The Edit Operator Profile (new) form is displayed. This form has several sections, which are described in more detail below. The fields in the first area of the form identify the operator profile and capture any optional information: 1. You must enter a name for this profile in the Name field. 2.
For each permission, you may grant No Access, Read Only Access, Full Access, or Custom access. The default in all cases is No Access. This means that you must select the appropriate privileges in order for the profile to work. See "Operator Profile Privileges" on page 552 for details about the available access levels for each privilege. If you choose the Custom setting for an item, the form expands to include additional privileges specific to that item. 3.
If one or more roles are selected, then only those roles will be available for the operator to select from when creating a new guest account. The guest account list is also filtered to show only guest accounts with these roles. If a database is selected in the User Roles list, but no roles within that database are selected, then all roles defined in the database will be available. This is the default option. 4. The Operator Filter may be set to limit the types of accounts that can be viewed by operators.
Table 138: Operators supported in filters Operator Meaning Additional Information = is equal to != is not equal to You may search for multiple values when using the equality (=) or inequality (!=) operators. To specify multiple values, list them separated by the pipe character ( | ).
2. (Optional) In the Start Page row, the Default setting indicates that the application’s standard Home page will be the first page displayed after login. To have a different start page displayed to users with this operator profile, choose a page from the drop-down list. For example, if a profile is designed for users who do only certain tasks, you might want the application to open at the module where those tasks are performed. 3. (Optional) In the Language row, the default setting is Auto-detect.
To specify that an operator profile should use a different form when creating a new visitor account: 1. (Optional) In the Customization row, select the Override the application’s forms and views check box. The form expands to show the forms and views that can be modified. If alternative forms or views have been created, you may use the drop-down lists to specify which ones to use. 2. When you have selected the custom forms and views to use, click creation of the operator profile.
• Edit – changes the properties of the specified operator profile
• Delete – removes the operator profile from the Operator Profiles list
• Duplicate – creates a copy of an operator profile
• Create Operator – opens the Create Operator Login form, allowing you to create a new operator login associated with the selected operator profile.
2. Create a CPPM role for the operator: In CPPM, go to Configuration > Identity > Roles and create a role that matches the operator profile. Refer to the W-ClearPass Policy Manager documentation for information on creating the role. l When creating AirGroup users or MACTrac users, the appropriate roles are already created in CPPM. 3. Create a local user for the operator: In CPPM, go to Configuration > Identity > Local Users and click Add User.
Manage LDAP Operator Authentication Servers

Dell Networking W-ClearPass Guest supports a flexible authentication mechanism that can be readily adapted to any LDAP server’s method of authenticating users by name. There are built-in defaults for Microsoft Active Directory servers and POSIX-compliant directory servers. When an operator attempts to log in, each LDAP server that is enabled for authentication is checked, in order of priority from lowest to highest.
Creating an LDAP Server

To create an LDAP server, go to Administration > Operator Logins > Servers, and click the Create new LDAP server link in the upper-right corner. The authentication Server Configuration form opens. To specify a basic LDAP server connection (hostname and optional port number), use a Server URL of the form ldap://hostname/ or ldap://hostname:port/. See "Advanced LDAP URL Syntax" on page 559 for more details about the types of LDAP URL you may specify.
This form allows you to specify the type of LDAP server your system will use. Click the Server Type drop-down list and select one of the following options: Table 139: Server Type Parameters Server Type Required Configuration Parameters Microsoft Active Directory l POSIX Compliant l Server URL: The URL of the LDAP server Bind DN: The password to use when binding to the LDAP server, or empty for an anonymous bind.
For Sponsor Lookups, if you want to enable the validation of sponsor emails during self-registration, you must add the sponsor_lookup field to the registration and change the user interface to "Multiple selection list" and then check the Select2 Options for additional properties. The server will then look up sponsors during self-registration and double-check the attribute used for emails on the LDAP server.
Advanced LDAP URL Syntax

If you select Microsoft Active Directory as the Server Type on the Administration > Operator Logins > Servers > Server Configuration form, the LDAP server connection will use a default distinguished name of the form dc=domain,dc=com, where the domain name components are taken from the bind username. To specify a different organizational unit within the directory, include a distinguished name in the LDAP server URL, using a format such as: ldap://192.0.2.
2. Enter an operator username and password for the LDAP Server. The minimum password length is six characters.
3. (Optional) Click the Advanced check box to display detailed authorization information for the specified operator.
4. Click Log In to attempt to authenticate the LDAP server, or click Cancel to cancel the test. The Authentication Test area is added above the server names to indicate the test’s progress.
3. In the Search Mode field, use the drop-down list to specify whether to search for an exact match or use wildcard values.
4. (Optional) Click the Advanced check box to display detailed authorization information for the specified sponsor.
5. Click Search Directory to attempt to find sponsor names that match the lookup values, or click Cancel to cancel the test. The Authentication Test area is added above the server names to indicate the search’s progress.
LDAP Translation Rules

LDAP translation rules specify how to determine operator profiles based on LDAP attributes for an authenticated operator. To create a new LDAP translation rule:
1. Go to Administration > Operator Logins > Translation Rules, and then click the Create new translation rule link. The Edit Translation Rule form opens.
2. In the Name field, enter a self-explanatory name for the translation rule.
5. Select a Value. The Value field states what is to be matched, in this case CN=Administrators to look for a specific group of which the user is a member.
6. Click the On Match drop-down list and select the action the system should take when there is a match. Your options here are to:
  - Do nothing – makes no changes.
  - Assign fixed operator profile – assigns the selected Operator Profile to the operator.
To edit the matching rule list, select an entry in the table to display a menu that lets you perform the following actions:
- Edit – Changes the configuration of matching rule
- Delete – Removes matching rule from the list
- Duplicate – Creates a duplicate copy of an existing rule
- Disable – Temporarily disables the rule without deleting it from the rule list
- Enable – Re-enables a disabled operator login
- Edit Profile – Opens the Edit Operator Profile form for the operator profile assigned to
For example, to permit non-administrator users to access the system only between the hours of 8:00 am and 6:00 pm, you could define the following LDAP translation rule:

The Custom rule is:

{strip}
{if stripos($user.memberof, "CN=Administrators")!==false}
1
{elseif date('H') >= 8 && date('H') < 18}
1
{else}
0
{/if}
{/strip}

Explanation: The rule will always match on the “memberof” attribute that contains the user’s list of groups.
server’s current time is checked to see if it is after 8am and before 6pm; if so, the operator will be enabled. If neither condition has matched, the “enabled” field will be set to 0 and login will not be permitted.
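The custom rule above, modelled as PHP functions and run over constructed operators; this is an added example, not code from ClearPass or its documentation. It compares the documented substring test with an exact match on each group's first RDN; the function names, the newline-separated memberof layout and the sample DNs are assumptions.

```php
<?php
// Added example (not ClearPass code): models the documented custom rule so
// its outcomes can be checked offline. Function names, the newline-separated
// memberof layout and the sample DNs are assumptions made for illustration.

// Same decision as the documented rule. $hour is what date('H') would
// return on the server: a two-digit string, "00" to "23".
function rule_as_documented(string $memberof, string $hour): int
{
    // stripos() is a case-insensitive substring search over the whole value.
    if (stripos($memberof, 'CN=Administrators') !== false) {
        return 1;
    }
    // Numeric comparison: hours 08 through 17 pass, so access ends at 18:00.
    return ((int) $hour >= 8 && (int) $hour < 18) ? 1 : 0;
}

// Exact test: true only if the first RDN of one of the group DNs equals
// $groupRdn (compared case-insensitively).
function is_member_of_exact(string $memberof, string $groupRdn): bool
{
    foreach (preg_split('/\R/', $memberof, -1, PREG_SPLIT_NO_EMPTY) as $dn) {
        // Split on commas that are not escaped with a backslash.
        $rdns = preg_split('/(?<!\\\\),/', trim($dn));
        if (strcasecmp(trim($rdns[0]), $groupRdn) === 0) {
            return true;
        }
    }
    return false;
}

// Variant of the rule that uses the exact group test.
function rule_exact_group(string $memberof, string $hour): int
{
    if (is_member_of_exact($memberof, 'CN=Administrators')) {
        return 1;
    }
    return ((int) $hour >= 8 && (int) $hour < 18) ? 1 : 0;
}

// Constructed sample operators (group DNs are invented for this example).
$operators = [
    'alice (admin)'     => "CN=Administrators,CN=Builtin,DC=example,DC=com",
    'bob (helpdesk)'    => "CN=Helpdesk,OU=Groups,DC=example,DC=com",
    'carol (lookalike)' => "CN=Administrators-ReadOnly,OU=Groups,DC=example,DC=com\n"
                         . "CN=Helpdesk,OU=Groups,DC=example,DC=com",
];

// Hours on both sides of each boundary of the 08:00 to 18:00 window.
$hours = ['07', '08', '17', '18'];

foreach ($operators as $name => $memberof) {
    foreach ($hours as $hour) {
        printf(
            "%-18s hour=%s documented=%d exact=%d\n",
            $name,
            $hour,
            rule_as_documented($memberof, $hour),
            rule_exact_group($memberof, $hour)
        );
    }
}
```

With this constructed data, the operator whose only matching group is CN=Administrators-ReadOnly is enabled at every hour by the substring test, and only at hours 08 and 17 of the four sampled hours by the exact-match variant.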
Chapter 10 Reference

This chapter includes the following sections:
- "Basic HTML Syntax"
- "Standard HTML Styles"
- "Smarty Template Syntax"
- "Date/Time Format Syntax"
- "Programmer’s Reference"
- "Field, Form, and View Reference"
- "LDAP Standard Attributes for User Class"
- "Regular Expressions"

Basic HTML Syntax

Dell Networking W-ClearPass Guest allows different parts of the user interface to
Item HTML Syntax Text Formatting words to be made bold equivalent syntax words to be made italic equivalent syntax words to underline Shown in fixed-width font Uses CSS formatting Uses predefined style
Uses CSS formatting
Uses predefined style
Hypertext Link text to click on – XHTML equivalent

Table 143: Formatting Classes

| Class Name | Applies To | Description |
| nwaIndent | Tables | Indent style used in tables |
| nwaLayout | Tables | Used when you want to lay out material in a table without the material looking as if it is in a table; in other words, without borders |
| nwaContent | Tables | Class used for a standard table with borders |
| nwaTop | Table Header | Table heading at top |
| nwaLeft | Table Header | Left column of table |
| nwaRight | Table Header | Right column of table |
| nwaBottom | Table Header | Table heading a
| Class Name | Applies To | Description |
| nwaImportant | All | Text that should be prominently displayed |
| | | Table subheadings |
| nwaUsername | All | Text used to display a username |
| nwaPassword | All | Text used to display a password |

Smarty Template Syntax

Dell Networking W-ClearPass Guest’s user interface is built using the Smarty template engine. This template system separates the program logic and visual elements, enabling powerful yet flexible applications to be built.
Conditional Text Blocks

To include a block of text only if a particular condition is true, use the following syntax:

{if $username != ""}
Username: | {$username} |
{else}
{/if}

The condition tested in the {if} … {/if} block should be a valid PHP expression. The {else} tag does not require a closing tag.

Script Blocks

The brace characters { and } are specially handled by the Smarty template engine.

A name= attribute may be supplied with the opening {foreach} tag. When a name is supplied, the following additional Smarty variables are available for use inside the {foreach} … {/foreach} block:
- {$smarty.foreach.name.first} – true if the item being processed is the first item in the collection
- {$smarty.foreach.name.last} – true if the item being processed is the last item in the collection
- {$smarty.foreach.name.index} – counter for the current item, starting at 0 for the first item
- {$smarty.
Functions are of two kinds: block functions, which have a beginning and ending tag enclosing the text operated on by the function, and template functions, which have just a single tag and do not enclose text. To use a function, enclose the function name in curly braces { } and provide any attributes that may be required for the function. Block functions also require a closing tag.

dump

{dump var=$value}

Smarty registered template function. Displays the value of a variable.
- The “target” parameter, if specified, sets the TARGET attribute of the hyperlink. If not specified, no TARGET attribute is provided.

The body of the element is the HREF of the command link. The “icon” and “command” parameters are required. All other parameters are optional.

nwa_iconlink

{nwa_iconlink} … {/nwa_iconlink}

Smarty registered block function. Generates a combined icon and text link to a specified URL. Usage example: {nwa_iconlink icon="images/icon-info22.
  - info – information symbol
  - note (or arrow) – right-pointing arrow
  - ClearPass Guest – ClearPass Guest logo
  - ok (or tick) – green tick mark
  - warn (or warning) – warning symbol
  - wait – animated spinner

If “noindent=1” is specified, the block is not indented using the ‘nwaIndent’ style. If “novspace=1” is specified, the block uses a ‘DIV’ element, rather than a ‘P’ element. If neither “icon” nor “type” is supplied, the default behavior is to insert an “info” type image.
The following parameters control the query to be executed:
- _method (required) – Name of the query function to execute. A brief listing of the available methods is provided below.
- _arg0, _arg1, …, _argN (optional) – Positional arguments for the query function.
- Named arguments may also be supplied; the arguments must be named identically to the function arguments listed in the documentation for the query function.
Calculate the number of sessions for accounting records matching a specific calling-station-id. The calling station id address is looked up automatically from the RADIUS Access-Request (Calling-Station-ID attribute). Because different NAS equipment can send differently-formatted MAC addresses in the Calling-Station-Id attribute, the $mac_format argument may be specified. This should be a sprintf-style format string that accepts 6 arguments (the octets of the MAC address).
- return GetUserTraffic($now - 86400*30, $now, 'out') > 100*1024*1024 && AccessReject()
- Limit by MAC address, 50 MB download in past 24 hours: return GetCallingStationTraffic(86400, 'out') > 50000000 && AccessReject()

GetCurrentSession()

GetCurrentSession($criteria)

Looks up the details for an active session, based on the specified criteria. This is a multi-purpose function that has a very flexible query interface.
Calculate the number of sessions for accounting records matching a specific IP address. The IP address attribute is looked up automatically from the RADIUS Access-Request (Framed-IP-Address attribute). See "GetTraffic()" on page 580 for details on how to specify the time interval. See "GetIpAddressTraffic()" on page 579 for additional details on the $ip_addr argument.
The $format parameter is optional, and defaults to “relative” if not otherwise specified. This parameter may be one of the following values:
- “relative” or “session_time”: Calculates the session timeout as for the Session-Timeout RADIUS attribute, that is, the number of seconds before the session should end. If the session does not have a session timeout, the value returned is 0.
- “time”: Calculates the session end time, as the UNIX time at which the session should end.
Looks up the list of all sessions for the specified username. The username attribute is looked up automatically from the RADIUS Access-Request (User-Name attribute). If a $callingstationid argument is supplied, sessions that match that Calling-Station-Id are excluded from the count of active sessions.

GetUserActiveSessionCount()

GetUserActiveSessionCount($username)

Counts the number of currently active sessions for the current username.
nwa_assign

{nwa_assign …}

Smarty registered template function. Assigns a page variable based on the output of a generator function. Simple usage example:

{nwa_assign var=my_variable value=my_value}

- The “var” parameter specifies the page variable that will receive the output.
- The “value” parameter specifies the value to assign to “var”.

The various request variables may also be accessed using one of two supported methods:
- {nwa_assign var=_GET.get_variable value=...}
- {nwa_assign var=smarty.get.
nwa_nav

{nwa_nav} … {/nwa_nav}

Smarty registered block function. Defines a block area for navigation, a control, or generates navigation control HTML of a particular type. Blocks are individual components of the navigation area, which basically consist of HTML. Blocks for actual navigation items have substitution tags in the form @tagname@. The recognized tags are described in the table below.
- level1_active
- level1_inactive
- level2_active
- level2_inactive
- level2_parent_active
- level2_parent_inactive
- level3_active
- level3_inactive
- enter_level1
- enter_level2
- enter_level3
- exit_level1
- exit_level2
- exit_level3

nwa_plugin

{nwa_plugin …}

Smarty registered template function. Generates plugin information based on the parameters specified. Specifying which plugin:
- The ‘id’ parameter specifies a plugin ID.
has read access, that is, not if the user has full access, prefix the privilege name with a # character and use the parameter name “readonly” (or “ro”).

{nwa_privilege full=create_user} .. content .. {/nwa_privilege}

The “full” (synonym “rw”) parameter specifies the name of a privilege to check for full read-write access. The “name” parameter is the name of the privilege to check. If “name” is prefixed with a “!”, the output is included only if that privilege is NOT granted (inverts the sense of the test).
Not all devices are capable of playing back YouTube video content. Usage example:

{nwa_youtube video=Y7dpJ0oseIA width=320 height=240}
YouTube is the world’s most popular online video community.
{/nwa_youtube}

The supported parameters for this block function are:
- video (required) – the YouTube video ID to embed.
- width (required) – the width in pixels of the video.
- height (required) – the height in pixels of the video.
- autoplay (optional) – if true, auto-play the video.
| Preset Name | Date/Time Format | Example |
| rfc822 | %a, %d %b %Y %H:%M:%S %Z | Mon, 07 Apr 2008 14:13:45 EST |
| displaytime | %l:%M %p | 2:13 PM |
| recent | – | 2 minutes ago |

The % items on the right hand side are the same as those supported by the PHP function strftime(). If the string “?:” is present in the format, the string following the “?:” is returned when the time value is 0. Otherwise, the format string up to the “?:” is used.
| Format | Result |
| %B | Full month name for the current locale |
| %c | Preferred date and time representation for the current locale |
| %C | Century number (2-digit number, 00 to 99) |
| %d | Day of the month as a decimal number (01 to 31) |
| %D | Same as %m/%d/%y |
| %e | Day of the month as a decimal number; a single digit is preceded by a space (‘ 1’ to ‘31’) |
| %h | Same as %b |
| %H | Hour as a decimal number (00 to 23) |
| %l | Hour as a decimal number (01 to 12) |
| %m | Month as a decimal number (01 to 12) |
| %M | Minute as a decimal num
- "NwaByteFormatBase10"
- "NwaComplexPassword"
- "NwaCsvCache"
- "NwaDigitsPassword($len)"
- "NwaDynamicLoad"
- "NwaGeneratePictureString"
- "NwaGenerateRandomPasswordMix"
- "NwaLettersDigitsPassword"
- "NwaLettersPassword"
- "NwaMoneyFormat"
- "NwaParseCsv"
- "NwaParseXml"
- "NwaPasswordByComplexity"
- "NwaSmsIsValidPhoneNumbe
Formats a non-negative size in bytes as a human readable number (bytes, KB, MB, GB, etc.) Assumes “base 10” rules in measurement; that is, 1 KB = 1000 bytes, 1 MB = 1000 KB, etc. If a negative value is supplied, returns the $unknown string. If a non-numeric value is supplied, that value is returned directly.

NwaComplexPassword

NwaComplexPassword($len = 8)

Generates complex passwords of at least $len characters in length, where $len must be at least 4.
- $upper specifies the minimum number of uppercase characters to include, or -1 to not use any uppercase characters.
- $digit specifies the minimum number of digits to include, or -1 to not use any digits.
- $symbol specifies the minimum number of symbol characters to include, or -1 to not use any symbol or punctuation characters.

NwaLettersDigitsPassword

NwaLettersDigitsPassword($len)

Generates an alpha-numeric password of $len characters in length consisting of lowercase letters and digits.
| Function | Description |
| dos_compatible | If true, convert \r\n line endings to \n (default true) |
| encoding | If set, specifies the input character set to convert from (default not set) |
| out_charset | If set, specifies the desired character set to convert to using the iconv() function. |
- complex – At least one of each: uppercase letter, lowercase letter, digit, and symbol

NwaSmsIsValidPhoneNumber

NwaSmsIsValidPhoneNumber($phone_number)

Validates a phone number supplied in E.164 international dialing format, including country code.
- Any spaces and non-alphanumeric characters are removed.
- If the first character is a plus sign (+), the phone number is assumed to be in E.
Be aware of the following differences from Excel VLOOKUP:
- Column indexes are 0-based.
- Column indexes can also be strings.

See "NwaParseCsv" on page 591 and "NwaCsvCache" on page 590.

NwaWordsPassword

NwaWordsPassword($len)

Generates a password consisting of two randomly-chosen words, separated by a small number (1 or 2 digits); that is, in the format word1XXword2. The random words selected will have a maximum length of $len characters, and a minimum length of 3 characters. $len must be at least 3.
| Field | Description |
| | rather than failing to create the account. This field should normally be enabled for guest self-registration forms, to ensure that a visitor that registers again with the same email address has their existing account automatically updated. Set this field to a non-zero value or a non-empty string to enable automatic update of an existing account. This field controls account creation behavior; it is not stored with created visitor accounts. |
| Field | Description |
| | field is available when modifying an account using the change_expiration or guest_edit forms. |
| dynamic_is_authorized | Boolean flag indicating if the user account is authorized to log in. This field is available when modifying an account using the change_expiration or guest_edit forms. |
| dynamic_is_expired | Boolean flag indicating if the user account has already expired. This field is available when modifying an account using the change_expiration or guest_edit forms. |
| Field | Description |
| | this field to 0 to disable this account expiration timer. |
| http_user_agent | String. Identifies the Web browser that you are using. This tracks user’s browsers when they are registering. This is stored with the user’s account. |
| id | String. Internal user ID used to identify the guest account to the system. |
| ip_address | String. The IP address to assign to stations authenticating with this account. This field may be up to 20 characters in length. |
| Field | Description |
- “random_password” to use the password specified in the random_password field;
- “reset” to create a new password, using the method specified in the random_password_method field (or the global defaults, if no value is available in this field);
- “password” to use the value from the password field;
- Any other value leaves the password unmodified.
This field controls account creation and modification behavior; it is not stored with created or modified visitor accounts.
| Field | Description |
| no_portal | Boolean. If set, prevents a user from logging into the guest service portal. Set this field to a non-zero value or a non-empty string to disable guest access to the self-service portal. The default is to allow guest access to the self-service portal, unless this field is set. |
| no_warn_before | Boolean. User does not receive a logout expiration warning. The admin or user can opt out of this option by setting the field to 1. |
| notes | String. |
| Field | Description |
| random_password_length | String. The length, in characters, of randomly generated account passwords. |
- For nwa_words_password, the random_password_length is the maximum length of the random words to use. Two random words will be used to create the password, joined together with a small number (up to 2 digits).
- For nwa_picture_password, the random_password_length is ignored.
| random_password_method | String. Identifier specifying how passwords are to be created. |
| Field | Description |
string specified by the random_username_picture field.
- nwa_digits_password to create a username using random digits. The length of the username is specified by the random_username_length field.
- nwa_letters_password to create a username using random lowercase letters. The length of the username is specified by the random_username_length field.
- nwa_lettersdigits_password to create a username using random lowercase letters and digits.
| Field | Description |
| sponsor_email | Email address of the sponsor of the account. If the sponsor_email field can be inserted into an email receipt and used in future emails, the “Reply-To” email address will always be the email address of the original sponsor, not the current operator. |
| sponsor_name | String. Name of the sponsor of the account. The default value of this field is the username of the current operator. |
| submit | No Type. Field attached to submit buttons. |
| Field | Description |
| personal_details | No Type. Field attached to a form label. |
| purchase_amount | No Type. Total amount of the transaction. This field is only used during transaction processing. |
| purchase_details | No Type. Field attached to a form label. |
| state | String. The visitor’s state or locality name. |
| submit_free | No Type. Field attached to a form submit button. |
| visitor_accept_terms | Boolean. Flag indicating that the visitor has accepted the terms and conditions of use. |
| visitor_fax | String. |
Table 153: SMTP Services Standard Fields

| Field | Description |
| auto_send_smtp | Boolean. Flag indicating that an email receipt should be automatically sent upon creation of the guest account. Set this field to a non-zero value or a non-empty string to enable an automatic email receipt to be sent. This field can be used to create an opt-in facility for guests. |
| Field | Description |
| smtp_warn_before_template_id | String. This field overrides the print template ID specified under Logout Warnings on the email receipt. If the value is “default”, the default template ID under the Logout Warnings section on the email receipt configuration is used. |
| smtp_warn_before_receipt_format | String. This field overrides the format in the Email Receipt field under Logout Warnings. |
| Symbol | Replacement |
| ! | Random punctuation symbol, excluding apostrophe and quotation marks |
| & | Random character (letter, digit or punctuation excluding apostrophe and quotation marks) |
| @ | Random letter or digit, excluding vowels |

Any other alphanumeric characters in the picture string will be used in the resulting username or password.
- IsValidAirGroupSharedGroups – Checks that the value is a valid shared group list. Otherwise, returns a description of the error(s). If $arg is an array it may specify the following options:
  - syntax_only: Default true. If false, requires that the values provided correspond to those from the AirGroup plugin configuration.
  - protocol_version: Default 2. If 1, changes the default validation properties (see below).
  - max_groups: Maximum number of groups to allow, default 32.
  - syntax_only: Default true. If false, requires that the values provided correspond to those from the AirGroup controller configuration.
  - protocol_version: Default 2. If 1, changes the default validation properties (see below).
  - max_roles: Maximum number of roles to allow, default 100.
  - max_role_length: Maximum length in characters of any single role name, default 64.
  - max_role_list_length: Maximum total length of the role list, including comma separator characters, default 1000.
'deny' => array(
    'blocked-domain.com',
    'other-blocked-domain.com',
),
)

  - The keys ‘whitelist’ and ‘blacklist’ may also be used for ‘allow’ and ‘deny’, respectively.
  - An ‘allow’ or ‘deny’ value that is a string is converted to a single element array.
  - Wildcard matching may be used on domain names: the prefix ‘*.’ means match any domain that ends with the given suffix. A ‘*’ component can also be used inside the hostname, and will match zero or more domain name components.
- IsValidHostnameCidr – Checks that the value is a valid IP address or hostname, which may also have an optional /N suffix indicating the network prefix length in bits (CIDR notation).
- IsValidHostnamePort – Checks that the value is a valid IP address or hostname, which may optionally include a port number specified with the syntax hostname:port.
- IsValidIpAddr – Checks that the value is a valid IP address.
- IsValidTimestamp – Checks that the value is a numeric UNIX timestamp (which measures the time in seconds since January 1, 1970 at midnight UTC).
- IsValidTimeZone – Checks that the value is a valid string describing a recognized time zone.
- IsValidUrl – Checks that the value appears to be a valid URL that includes a scheme, hostname and path. For example, in the URL http://www.example.com/, the scheme is http, the hostname is www.example.com and the path is /.
Form Field Display Formatting Functions

The Display Functions that are available are listed below:

Table 157: Form Field Display Functions

Function: NwaBoolFormat
Description: Formats a Boolean value as a string.
- If the argument is 0 or 1, a 0 or 1 is returned for false and true, respectively.
- If the argument is a string containing a “|” character, the string is split at the | separator and used for false and true values.
Function: NwaDurationFormat
Description: Converts a time measurement into a description of the corresponding duration. Format parameters: seconds, minutes, hours, days, weeks.
- Any format can be converted to another.
- By default, this function converts an elapsed time value specified in seconds to a value that is displayed in weeks, days, hours, minutes and seconds.
In the above view (the guest_users view), the four columns displayed correspond to the username, role_name, enabled, and expire_time fields.

Table 158: Display Expressions for Data Formatting

| Value | Description |
| Display Expressions | |
| data.username.bold() | Displays the username string as bold text. |
| data.role_name | Displays the name of the role. |
| Nwa_BooleanText(data.enabled, "Enabled", "Disabled") | Displays either “Enabled” or “Disabled” depending on the value of the enabled field. |
| (parseInt(data.
| Value | Description |

Nwa_NumberFormat(value[, if_undefined])
Nwa_NumberFormat(value, decimals)
Nwa_NumberFormat(value, decimals, dec_point, thousands_sep[, if_undefined])

Converts a numerical value to a string. If the value has an undefined type (in other words, has not been set), and the if_undefined parameter was provided, returns if_undefined.
- sAMAccountType: The sAMAccountType property specifies an integer that represents the account type.
- unicodePwd: The unicodePwd property is the password for the user.

Regular Expressions

The characters shown in Table 159 can be used to perform pattern matching tasks using regular expressions.

Table 159: Regular Expressions for Pattern Matching

| Regex | Matches |
| a | Any string containing the letter “a” |
| ^a | Any string starting with “a” |
| ^a$ | Only the string “a” |
| a$ | Any string ending with “a” |
| .
Appendix 1 Chromebook in Onboard

This appendix describes Chromebook functionality in W-ClearPass Onboard. It provides an introduction to Chromebook in Onboard, and discusses considerations as well as Onboard and Google Admin configuration for Chromebook.
- The Google Apps domain provides user login services and other apps, such as the Chrome Web Store, Google Docs, Google Sheets, and more.
- The Admin Console is used by administrators to provision new Chromebooks and manage existing Chromebooks.
- Chromebook Sync is used to ensure that settings from the Admin Console are applied to all Chromebooks in the domain.
- Users, groups, and other details can be provisioned in Google Apps from an existing directory using the Google Apps Directory Sync tool.
For more information on the Chromebook stable, beta and development channels, refer to this article: https://support.google.com/chromebook/answer/1086915

Chromebook Supports Only “Created by Device” Certificates

Chromebook includes a trusted platform module (TPM) for protection of cryptographic private keys, including the private key for the TLS client certificate issued to the device by Onboard. Because of this, Chromebook will always create its own private key.
  - The Chrome device will be provisioned with a new certificate.
  - The provisioned network should be automatically activated when it is available. If not, manually connect to the network to verify that EAP-TLS is working correctly.
For more information, see "Configuring Provisioning Settings for Supported Devices" on page 195.

Configure Instructions and Messages

1. After you enable Chromebook on the Supported Devices tab, click the Instructions & Messages tab. The text displayed on the device provisioning page for Chromebook devices can be customized here.

Figure 90 Provisioning Settings, Instructions & Messages Tab, Chromebook Area

2.
2. Select the Chrome option.
3. Go to User Settings. If you have multiple organizational units or levels, be sure to select the appropriate organizational unit or level before you make changes to the settings.
4. In the user settings, find the Pre-installed Apps and Extensions section, and then click the Manage preinstalled apps link.
5. Select Specify a Custom App.
6. Enter the ID and URL of the Onboard Chromebook extension and then click Add. The ID and URL information is available on the Onboard > Deployment and Provisioning > Provisioning Settings > Chromebook tab. If you have a cluster environment, the URL may be modified to refer to any subscriber node.
7. Verify that the extension is listed in the Pre-installed Apps and Extensions list, and then click Save.
8. Remember to save your changes using the Save changes button at the bottom left of the page.
2. You should see the For Users tab selected. Click the Add Wi-Fi button on the right.
3. Specify a Name and SSID for the network, and select the Automatically Connect option.
4. Change the Security Type to WPA/WPA2 Enterprise (802.1X).
5. Under Extensible Authentication Protocol, select EAP-TLS.
6. The Username can be set as a fixed value (for example, anonymous), or it can take the variables ${LOGIN_ID} (for example, johndoe) or ${LOGIN_EMAIL} (for example, johndoe@mydomain.com).
7.
9. You should also specify the Common Name of the Onboard CA’s issuing certificate in Issuer pattern > Common name—for example, “ClearPass Onboard Local Certificate Authority (Signing)”.
10. Click Save to save the network settings, and remember to click Save changes to commit.
Glossary

$

$criteria
Array that consists of one or more criteria on which to perform a data-based search. This array is used for advanced cases where predefined helper functions do not provide required flexibility.

8

802.1X
Standard for port-based network access control, designed to enhance 802.11 WLAN security. The 802.1X standard provides an authentication framework, allowing a user to be authenticated by a central authority.
ActiveSync
Mobile data synchronization app developed by Microsoft that allows a mobile device to be synchronized with either a desktop or a server running compatible software products.

AD
Microsoft Active Directory. Directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed.
ectory, any LDAP compliant directory, RSA or other RADIUS-based token servers, and SQL database, including the local user store.

B

bounce: To shut down and restart a service or port.
BYOD: Bring your own device. Refers to using personal mobile devices within an employer's enterprise network infrastructure, and the associated network and resource management challenges.

C

CA: Entity in a public key infrastructure system that issues certificates to clients.
CoA: Change of Authorization.
collector: Network elements providing data for profiling endpoints. The following collectors send endpoint attributes to Profile: DHCP, Onboard, HTTP User Agent, MAC OUI, ActiveSync plugin, OnGuard, SNMP, and Subnet Scanner.
common name: See distinguished name.
CPPM: ClearPass Policy Manager. May refer to the Policy Manager application, or all applications within the ClearPass platform. See also Policy Manager.
CRL: Certificate revocation list.
device provisioning: Process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters. Same as onboarding.
DHCP: Dynamic Host Configuration Protocol. An auto-configuration protocol used on IP networks. Computers or any network peripherals that are connected to IP networks must be configured before they can communicate with other computers on the network.
EAP-FAST: EAP – Flexible Authentication Secure Tunnel. (tunneled)
EAP-GTC: EAP - Generic Token Card. (non-tunneled)
EAP-MD5: EAP-Method Digest 5. (non-tunneled)
EAP-MSCHAP: EAP Microsoft Challenge Handshake Authentication Protocol. EAP-MSCHAP is version 1 and EAP-MSCHAPv2 is version 2. (non-tunneled)
EAP-MSCHAPv2: EAP Microsoft Challenge Handshake Authentication Protocol. EAP-MSCHAP is version 1 and EAP-MSCHAPv2 is version 2. (non-tunneled)
EAPoUDP: EAP over UDP. See also UDP.
EAP-PEAP: Protected EAP.
Guest: Configurable ClearPass application for secure visitor network access management. Access permissions to ClearPass Guest features are controlled through an operator profile that can be integrated with an LDAP server or Active Directory login. The ClearPass Guest application can be accessed either directly or through CPPM.

I

Identity Provider: Service that authenticates a user or client identity and issues security tokens for ACS.
M

MAC address: Media Access Control Address. Unique identifier assigned to network interfaces for communications on a network. A device may have a wired network address and a wireless network address.
MAC auth: MAC Authentication Method. Authenticates devices based on their MAC address. MAC authentication might be the only method of client authentication or clients may also be required to authenticate themselves using other methods, depending on the network privileges required.
that collects and manages health information for NAP client computers.
NAS: Network Access Server. Device that provides network access to users, such as a wireless access point, network switch, or dial-in terminal server. When a user connects to the NAS device, a RADIUS user authentication request (Access-Request) is generated by the NAS.
native agent: Browser-based dissolvable agent that uses a separate binary file for each operating system.
OnGuard: Functionality within ClearPass that uses persistent and dissolvable agents to perform endpoint protection, posture assessments, and health checks, ensuring compliance is met before devices connect. See also persistent agent, dissolvable agent, Java-based agent, and native agent.
OnGuard Unified Agent: Combination of OnGuard and VIA.
operator: Person who uses ClearPass Guest to create guest accounts or perform system administration. Operators act as sponsors for visitor access.
ping: Test network connectivity using an ICMP echo request (“ping”).
PKCS#n: Public-key cryptography standard N. Refers to a numbered standard related to topics in cryptography, including private keys (PKCS#1), digital certificates (PKCS#7), certificate signing requests (PKCS#10), and secure storage of keys and certificates (PKCS#12).
PKI: See public-key infrastructure.
Profile: Functionality within ClearPass that automatically classifies endpoints, using attributes obtained from collectors. It associates an endpoint with a specific user or location, secures access for devices like printers and IP cameras, and can be used to implement BYOD flows where access is controlled based on the type of the device and the identity of the user.
provisioning: Process used to securely provision a device and configure it with network settings.
PSK: Pre-shared key.
RFC 3576 Dynamic Authorization: Dynamic authorization describes the ability to make changes to a visitor account’s session while it is in progress. This might include disconnecting a session or updating some aspect of the authorization for the session.
role: Type of access being granted. ClearPass lets you define multiple roles. Such roles could include employee, guest, team member, or press. Roles are used for both guest access (user role) and operator access to ClearPass. See operator profile.
SNMP: Simple Network Management Protocol. A TCP/IP standard protocol for managing devices on IP networks. Network administrators use SNMP to monitor and map network availability, and facilitate the exchange of information between network devices.
SOAP Web Services: SOAP Web services provide a way of transferring data across the Internet to integrate Web-based applications. Web services let businesses share data and processes programmatically, and can be added to a user interface to provide functionality.
trusted root: See root CA.
TTY: TTY-enabled devices allow telephones to transmit text communications for people who are deaf or hard of hearing as well as voice communication.

U

UDID: Unique Device Identifier for an iOS device.
UDP: User Datagram Protocol. Part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media, and is a "stateless" protocol, meaning it doesn't acknowledge that the packets being sent have been received.
VSA: Vendor-specific attribute.

W

walled garden: Defined set of internet or network resources that can or cannot be accessed by unauthorized users through the captive portal.
Web Auth: User-authentication system for Web pages and Web applications. Web authentication transactions through the dissolvable agent in OnGuard.
Web login: Login page displayed to a visitor.
Wi-Fi: Wireless Fidelity. Wireless technology providing connectivity within a local area network.

X

X.