Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Web-Based Authentication Service
Configure a web-based authentication service for guests or agentless hosts that connect through the Policy Manager Portal. The user is redirected to the Policy Manager captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. by the network device or by a DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server that is set up to redirect traffic on a subnet Subnet is the logical division of an IP network. to a specific URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet..
The web page collects the user name and password, and also optionally collects health information on supported Windows operation systems. (See the Attribute Name in Table 1, Service Rule > Web-Based Authentication Host Attributes.)
An internal service rule—Connection:Protocol EQUALS WebAuth—categorizes requests into this type of service. You can add additional rules if needed. In addition, you can select a Web-based Authentication service based on the operating system name. You can specify or exclude specific OS versions (for details, see the next section, Selecting a Web-Based Authentication Service by the OS Name).
Configuring a Web-Based Authentication Service
To configure a web-based authentication service:
1. Navigate to > . The page opens.
2. Select the link. The page opens.
3. From the Type drop-down list, select . The following service configuration dialog opens:
Figure 1 Web-Based Authentication Service Configuration Dialog
|
|
The and options are not available for a service. |
Selecting a Web-Based Authentication Service by the OS Name
The > attribute allows you to select a Web-based Authentication service based on the OS name. You can specify or exclude specific OS versions.
To select a web-based authentication service by the OS name and version:
1. From the tab > area, select .
Figure 2 Host OS Name Specified in the Web-Based Authentication Service
2. Specify the attribute as follows:
Type=
Operator=
Value=or
Specify the Host OS Type attribute as follows:
Type=
Operator=
Value=
Specify the Host OS Name attribute as follows:
Type=
Operator=
Value=
Example Showing How to Differentiate Between Windows 8 and Windows 8.1
Type=
Name=
Operator=
Value=
Service Rule > Web-Based Authentication Host Attributes
The following table describes the list of other attributes that can be used to create services based on the client's information.
|
Attribute Name |
||
|
Host
|
AgentType |
Specifies the type of OnGuard Agent. This attribute provides a way to define a separate service for each OnGuard Agent Type. The supported values are: OnGuardAgent: OnGuard Agent OnGuardAgentService: OnGuard Agent running as a service : Native Dissolvable Agent : Java Dissolvable Agent |
|
Agent Version |
OnGuard Agent version. This attribute can be used to create a service based on the OnGuard Agent version. |
|
|
CheckType |
Specifies the type of check OnGuard Agent is performing based on the setting in the OnGuard Settings page (for details, see OnGuard Settings and Agent Library Updates). For , the value of this attribute is . The supported values are: : OnGuard Agent is performing authentication; that is, the request contains credentials. : OnGuard Agent is performing health checks; that is, the request contains Posture information.
|
|
|
Indicates the Fully Qualified Domain Name of the client. |
||
|
HealthCheckLevel |
Indicates the level of health checks performed by OnGuard Agent; that is, whether the user is logged in at the time of health check or not. This attribute can be used to see the health check level when OnGuard Agent is running as or . : The user is not logged in when health checks are being run. : The user is logged in when health checks are being run. |
|
|
Installed SHAs |
Specifies the SHAs installed on the client. |
|
|
InterfaceType |
Specifies the type of . This attribute can be used to define different services based on Network Interface type. The supported values are:
|
|
| Machine Type |
Identify the device as one of the following types: Desktop Laptop Virtual Machine Server Other Unknown |
|
|
Name |
This is the host name of the client (without the domain name). |
|
|
OSArch |
Specifies whether the client is running a 32-bit or 64-bit OS. The supported values are: : 32-bit OS : 64-bit OS |
|
|
OSName |
Indicates the full Operating System name. This attribute can be used to create services for a specific OS. For example, you can use this attribute to differentiate between Windows 8 and Windows 8.1 |
|
|
OSNameVersion |
Provides the Windows OS name and the build version. This attribute can be used to create different Posture policies for different Windows 10 versions such as or . |
|
|
OSType |
Specifies the Operating System type. The supported values are:
|
|
|
SDKType |
Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type. For example, you can specify that the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type equals . |
|
|
SDKVersion |
Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. version. |
|
|
ServerCertificateCheck |
This attribute's value shows the status of the Policy Manager Server Certificate Check performed by OnGuard agent while sending a WebAuth request to the Policy Manager server.This attribute can also be used in a Service Classification. The value of this attribute can be one of the following: : OnGuard Agent successfully verified the Policy Manager Server Certificate. : OnGuard Agent failed to verify the Policy Manager Server Certificate. |
|
|
UserAgent |
The value of this attribute contains both and . For example, OnGuard 6.6.5.89660. |
|
Attribute Name |
||
|
Host
|
AgentType |
Specifies the type of OnGuard Agent. This attribute provides a way to define a separate service for each OnGuard Agent Type. The supported values are: : OnGuard Agent : OnGuard Agent running as a service : Native Dissolvable Agent : Java Dissolvable Agent |
|
Agent Version |
OnGuard Agent version. This attribute can be used to create a service based on the OnGuard Agent version. |
|
|
CheckType |
Specifies the type of check OnGuard Agent is performing based on the setting in the OnGuard Settings page (for details, see OnGuard Settings and Agent Library Updates). For , the value of this attribute is . The supported values are: : OnGuard Agent is performing authentication; that is, the request contains credentials. : OnGuard Agent is performing health checks; that is, the request contains Posture information.
|
|
|
Indicates the Fully Qualified Domain Name of the client. |
||
|
HealthCheckLevel |
Indicates the level of health checks performed by OnGuard Agent; that is, whether the user is logged in at the time of health check or not. This attribute can be used to see the health check level when OnGuard Agent is running as or . : The user is not logged in when health checks are being run. : The user is logged in when health checks are being run. |
|
|
Installed SHAs |
Specifies the SHAs installed on the client. |
|
|
InterfaceType |
Specifies the type of . This attribute can be used to define different services based on Network Interface type. The supported values are:
|
|
|
Name |
This is the host name of the client (without the domain name). |
|
|
OSArch |
Specifies whether the client is running a 32-bit or 64-bit OS. The supported values are: : 32-bit OS : 64-bit OS |
|
|
OSName |
Indicates the full Operating System name. This attribute can be used to create services for a specific OS. For example, you can use this attribute to differentiate between Windows 8 and Windows 8.1 |
|
|
OSNameVersion |
Provides the Windows OS name and the build version. This attribute can be used to create different Posture policies for different Windows 10 versions such as or . |
|
|
OSType |
Specifies the Operating System type. The supported values are:
|
|
|
SDKType |
Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type. For example, you can specify that the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. type equals . For related information, see Upgrading From OnGuard Plugin Version 1.0 to 2.0. |
|
|
SDKVersion |
Specifies the SDK Software Developer Toolkit; Software tools and programs used to develop software for a particular platform. version. |
|
|
SerialNumber |
Specifies the serial number of the client. |
|
|
ServerCertificateCheck |
This attribute's value shows the status of the Policy Manager Server Certificate Check performed by OnGuard agent while sending a WebAuth request to the Policy Manager server. This attribute can also be used in a Service Classification. The value of this attribute can be one of the following: : OnGuard Agent successfully verified the Policy Manager Server Certificate. : OnGuard Agent failed to verify the Policy Manager Server Certificate. |
|
|
UserAgent |
The value of this attribute contains both and . For example, OnGuard 6.7.0.89660. |
