I'm not sure about this, but I'm 95 % certain that ClearPass doesn't support MFA in RADIUS requests during network authentication.
I have seen a number of threads regarding the same and have also been discussing how to implement this internally at my company, but have not yet found an answer.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
------------------------------
Original Message:
Sent: May 25, 2025 07:30 PM
From: StrikerTS
Subject: Clearpass Radius Authentication to Okta
Yes, that is the guide we used to set up SAML for Okta. I'm not sure how I can use the SAML option any further since we don't have Onboard. I was hoping to send the login attempts for our enterprise wifi auth through to Okta as well, but figure I would have to use RADIUS.
Original Message:
Sent: May 25, 2025 06:43 PM
From: ariyap
Subject: Clearpass Radius Authentication to Okta
So did you follow this procedure?
Onboard and Okta (Configuration Guide: Onboard and Cloud Identity Providers)
Original Message:
Sent: May 23, 2025 12:22 PM
From: StrikerTS
Subject: Clearpass Radius Authentication to Okta
Hello All,
I have been trying to proof of concept sending wifi authentication requests through Radius to OKTA. I have found numerous articles about different setups but had difficulty replicating any of their steps with the differences in my environment. I believe I am missing something on the Clearpass side. Here is what I have:
Okta Side:
RADIUS app to receive requests, currently in use on other apps so I know it works.
Necessary firewall entries to allow UDP traffic from the ClearPass controllers.
CPPM:
An authentication source type RADIUS / RadSec.
The IP set for the Okta agent.
Tried a new UDP port and an existing one to check for traffic.
The secret which I have reset multiple times thinking I messed up.
A service looking for our broadcast SSID using the Okta RADIUS server for its authentication source.
I have tried using multiple authentication methods including EAP-TLS, PAP, and EAP-TTLS. I have also tried with or without authorization.
Results:
Login attempts through wifi get - RADIUS No response from home server. I believe this means the communication failed. I checked the Okta server and see no logs generated at all; it's like the attempt never even got sent.
Am I missing a step or setting to actually send the RADIUS packet OUT of CPPM to an external source? It almost feels like CPPM is trying to handle the request and not sending the request on to Okta.
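
A stand-alone probe for the "No response from home server" symptom in the original post, as an added example that is not from the thread, Aruba or Okta: it sends one PAP Access-Request (RFC 2865, with an RFC 3579 Message-Authenticator) from any host the firewall allows and reports what came back, which separates a path or shared-secret problem from a ClearPass service configuration problem. All user, password and secret values are constructed placeholders.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """PAP User-Password hiding, RFC 2865 section 5.2."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth):
    """Access-Request with User-Name, User-Password and Message-Authenticator."""
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, req_auth))
             + attr(80, b"\x00" * 16))  # zeroed placeholder, filled in below
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    # RFC 3579: HMAC-MD5 over the whole packet with the attribute value zeroed
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def response_is_authentic(resp, req_auth, secret):
    """Response Authenticator check, RFC 2865 section 3."""
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return len(resp) >= 20 and hmac.compare_digest(resp[4:20], expected)

def probe(host, port, user, password, secret, timeout=5.0):
    """Send one request and classify the outcome."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    pkt = build_access_request(user, password, secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(pkt, (host, port))
        try:
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-response"  # lost in transit or silently discarded
    if len(resp) < 20 or resp[1] != ident:
        return "unexpected-packet"
    if not response_is_authentic(resp, req_auth, secret):
        return "bad-authenticator"  # shared secret mismatch or spoofed reply
    return {2: "Access-Accept", 3: "Access-Reject",
            11: "Access-Challenge"}.get(resp[0], f"code-{resp[0]}")

if __name__ == "__main__":
    # Offline demo with constructed values; call probe(host, port, ...) to test a server.
    print(build_access_request(b"test.user", b"constructed-pw",
                               b"constructed-secret", 1, bytes(16)).hex())
```

A `no-response` result reproduces the thread's symptom without ClearPass in the path; any other result means the server received the packet and answered it.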