Onboard will not work in most mini-browsers that automatically pop up. So there are a few options, but basically all come down to the point that the Onboarding process has to be completed in a full browser environment. That means either, as you mention, users need to type the URL of the onboarding page, or you create a captive portal role where you allow all the test traffic (Apple, Windows, Android/Google) so the captive popup is suppressed, but when a user types any (non HTTPS) URL, the full browser will be redirected and Onboard can be completed, or you find another way to provide the client access to the Onboard page and get the user to that page, which might be an email with a link.
What I mean by the second suggestion is that you need to get rid of the mini-browser/CNA, and one way could be to do a 'guest login' on the captive portal and from there do a redirect to your onboarding page. At that point, the mini-browser should close and a full browser appears on many OS-ses (may change or may not be on all OSses).
Understand you want to make it as simple and smooth as possible, however the device vendors are making it harder and harder to make it easy for the end-user. Your Aruba partner, or Aruba Support may be available to think what works best as a balance in your situation.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 10, 2021 04:47 PM
From: Devin Burns
Subject: OnBoarding Android Login Twice
Thank you for the reply! What walled garden rules are you referring to? As part of my testing I did try adding gstatic and connectivitycheck links to the pre-auth role's ACL to bypass the CNA. That did not work well as the user had to manually type in the portal page on their browser.
As far as your second suggestion, I am not sure I understand what you mean. Sounds like you are saying I should just duplicate my self-registration page, change the post-login default destination to the OnBoard login, and link to that second registration page instead of the OnBoard login page? So the user would login to the Guest network on that secondary page, and get forwarded to OnBoarding after?
I did not know it was best to bypass the CNA. The issue with that is, it would make our Guest wireless registration less user friendly. In that scenario we would probably just want to make a secondary SSID for installing OnBoard.
------------------------------
Devin Burns
Original Message:
Sent: Dec 10, 2021 09:36 AM
From: Herman Robers
Subject: OnBoarding Android Login Twice
Did you put the 'walled garden' rules in place to prevent the automatic portal pop-up (CNA)? Onboard will not work from the popup browser, and you should make sure the popup is closed or suppressed, and a full browser is used.
A trick that typically works is to not put a link to the Onboarding page on the guest portal directly, but a link that wil trigger a login first (to get rid of the CNA/popup) and then redirects to the Onboard Page.
This may be tricky to configure, so it may be good to get assistance from your partner or Aruba Support.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Dec 08, 2021 06:19 PM
From: Devin Burns
Subject: OnBoarding Android Login Twice
I am having an issue with some Android devices when settings up Clearpass OnBoard. We have a link to OnBoard on our guest wireless captive portal. Users select OnBoard, login, and are prompted to download the QuickConnect application. Once they click to download they get a warning about "attempting to open another application" and need to click through with "continue anyway via browser". Once redirected they are immediately kicked back to the captive portal home page and again have to click OnBoard, login a second time, hit download the app again, and the Play Store finally loads (without that warning message). Once the App is installed and setup, they are kicked back to the Captive Portal homepage again, but this time don't have to sign-in, it just goes to the config download page once they click OnBoard for the third time.
Anyone else run into this issue and have a solution? The OnBoarding process works, but having users sign-in twice and go back to the homepage 3 times is less than ideal.
------------------------------
Devin Burns
------------------------------