Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Akmostafa
New Contributor III

FortiAuthenticator as external captive portal to Aruba controller or aruba instant

Dears,

As per my understanding to who external captive portal works in Fortigate: there are certain http parameters that are communicated in the process flow "like the magic parameter and post-to parameter).

 

I am asking about how this process would affect integrating FAC as external captive portal with different vendors.

Some documents in Aruba states that extneral captive portal should be communicating with the controller with xml api via http post messages to valid user location or send user role.

 

Also in FAC configuration, when configuring the portal policy, in Portal selection criteria: we have options to match on http parameters available for cisco, fortigate and fortiWLC. Does this mean that we cannot integrate with other vendors?

 

 

3 REPLIES 3
ebilcari
Staff
Staff

Regarding the selection criteria you can easily create a new one:

ebilcari_0-1669369270891.png

The workflows and the URL information can be found here: 

ebilcari_1-1669369623352.png

If you can make the Aruba Controller to understand this request you can make it work.
If you have trouble integrating with FortiAuthenticator you can try FortiNAC that does have support for Aruba WLC or InstantAP: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/86372da2-200d-11e9-b6f6-f8bc12...

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Akmostafa
New Contributor III

Hello Emirjon,

Thanks for pointing to the workflows.

 

I can see that the URL redirection has post=xxx in case of Fortigate and switch_url=xxx in case of cisco WLC.

In a previous forum post, I had learned in a previous forum post that FAC matches the IP/FQND given into the post= or switch_url against the selected APs in the policy.

 

Thus, I think Aruba should send include a similar parameter in the URL in order for the FAC to recognize the AP ip.

Secondly, Fortigate has a parameter "magic" and cisco has parameter button_clicked. At it seems that FAC is able to include those parameters in the HTML page presented to the client so that when the client submit the API call to the fortigate or cisco, those parameters, the requreid paramteres are included in the API call.

 

IF special parameters like the above are required in Aruba, is there any way to control the included http parameters that are included in the html login form presented to the client who will then submit it to the controller.

Akmostafa
New Contributor III

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors