Lab Minutes Forum

Technical Discussion => Security => Topic started by: davidferns7 on December 19, 2016, 12:02:17 PM

Title: ISE 1.4 guest registration with email address as username
Post by: davidferns7 on December 19, 2016, 12:02:17 PM
Hi All

I wanted to ask if anyone has been able to limit the number of times that a guest user can register with the email address as it looks like with default settings, the username with emailaddress appends numbers to the end of it.

It's causing a bit of hassle and wanted to ask if anyone has some information on how a warning can pop up saying username exists.

Would much appreciate the help.

Thanks
Title: Re: ISE 1.4 guest registration with email address as username
Post by: MC on December 19, 2016, 09:25:45 PM
I don't believe that's possible. ISE will always allow user to create guest account. Are you trying to prevent user from generating duplicate account while he/she already have an unexpired account? Any expired account should be purged per schedule.
Title: Re: ISE 1.4 guest registration with email address as username
Post by: davidferns7 on December 21, 2016, 09:11:35 AM
Hi MC

Yes that's right. As currently user can register multiple times, but there is no check to see if the email address already exists in the database.

With the same premise, there is no capability to reset a users password from the login prompt.

I'm not sure if this can be done at all, as again, if the username and password is queired for login, i dont see why the email address cannot be queried and then prompt saying email already exists.

Another issue I came across is when using mac books, and the captive portal on apple comes up, if I enter a wrong password on first attempt and then try to login again with correct password form the pseudo browser, the page just fails with an internal error.

Have you come across this issue or would be able to direct me in what configuration is either needed on ISE or WLC to force a reauthentication through that Pseudo browser?

Thanks again.

Title: Re: ISE 1.4 guest registration with email address as username
Post by: MC on December 26, 2016, 09:22:24 PM
What you said make sense. That sounds like guest enhancement feature to me. It's just the matter of convincing Cisco to implement it  :)
On the pseudo browser issue, I always remember Cisco recommendation to turn off captive portal feature on WLC as it always causes issue with guest login. Of course, after that, user will need to manually launch browser which may or may not be a big deal. Give that a try and see if it helps. Please note you might need to reboot WLC for it to take effect.
SimplePortal 2.3.7 © 2008-2024, SimplePortal