Created on 11-10-2016 08:45 AM Edited on 12-17-2021 07:08 AM By Anonymous
Purpose
A customer may want to use ClearPass (Amigopod) as an external captive portal.
Scope
Login/splash page hosted on an External Web Server
• Used to collect the username and password
• Submits the user credentials directly to the FGT via a POST method
• When the FGT receives the client credentials, the FGT starts the authentication phase
• Once the client is authorized, it can access the network using the given options
Expectations, Requirements
How to integrate ClearPass as an external web portal with FortiGate
Configuration
The authentication portal page needs to be defined as below using the GUI:
ClearPass Captive Portal configuration:
· On the ClearPass side, create a self-registration page and use Vendor Settings: Custom Settings.
· The link below explains how to configure the Submit URL on the captive portal:
http://cookbook.fortinet.com/using-an-external-captive-portal-for-wifi-security/
The web portal page is a script that gathers the user’s logon credentials and sends a POST message back to the FortiGate in the format https://<FGT_IP>:1000/fgtauth with data magic=session_id&username=<username>&password=<password>. (The magic value was provided in the initial FortiGate request to the web server.)
The configuration shown in the screenshot below is required on the captive portal to make it work with Fortinet:
· Send the FortiGate a POST message of the format https://<FGT_IP>:1000/fgtauth
· The Fortinet-defined port number is 1000 for HTTP and 1003 for HTTPS.
· Logout: http://192.168.234.193:1000/logout? or https://fgt:1003
Put magic={$extra_fields.magic} in the Extra fields instead of appending to the submit URL.
To authenticate the user, ClearPass expects a magic ID (the magic value provided in the initial FortiGate request to the web server), which is equal to the session ID in the URL.
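The POST described above, as an added example that is not part of the original article or of Fortinet's or ClearPass's code: it reads the magic value from the initial request, validates it, and form-encodes the credentials so that special characters cannot alter the magic/username/password fields. The host name, function names and the magic format check are assumptions; the HTTPS port 1003 is the one stated above.

```javascript
// Added example. FGT_AUTH_URL, readMagic and buildLoginPost are hypothetical names.
// Assumption: the FortiGate address is fixed in the portal's own configuration
// and is never taken from the incoming request.
const FGT_AUTH_URL = "https://fgt.example.net:1003/fgtauth"; // constructed placeholder host

// Assumption: magic is a short alphanumeric token; adjust to what your FortiGate sends.
const MAGIC_RE = /^[0-9A-Za-z]{1,64}$/;

// Extract the magic value that the FortiGate supplied in its initial request.
function readMagic(requestUrl) {
  const values = new URL(requestUrl).searchParams.getAll("magic");
  if (values.length !== 1) {
    throw new Error("expected exactly one magic parameter");
  }
  if (!MAGIC_RE.test(values[0])) {
    throw new Error("malformed magic value");
  }
  return values[0];
}

// Build the POST that the portal page submits to the FortiGate.
function buildLoginPost(requestUrl, username, password) {
  const magic = readMagic(requestUrl);
  if (!username || !password) {
    throw new Error("username and password are required");
  }
  const target = new URL(FGT_AUTH_URL);
  // Choice made in this example: credentials are only sent over TLS.
  if (target.protocol !== "https:") {
    throw new Error("refusing to send credentials over plain HTTP");
  }
  // URLSearchParams percent-encodes '&', '=' and spaces inside each value.
  const body = new URLSearchParams({ magic, username, password }).toString();
  return {
    method: "POST",
    url: target.href,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body,
  };
}
```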
Troubleshooting
diag debug reset
diag debug disable
diag debug application fnbamd -1