That is interesting Tim, let me investigate this further as this is new news to me...
Thx From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: 26 July 2021 15:19 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Aruba and SAML SSO CPPM will parse out the SAML assertion attributes as long as you add them to the SSO dictionary in CPPM. You can then use them in role mapping or enforcement in an application authorization service. ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Martin MacLeod-Brown <mmacl...@london.edu<mailto:mmacl...@london.edu>> Sent: Monday, July 26, 2021 10:13:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] Aruba and SAML SSO Hi Everyone Just reaching out here to see if anyone has managed this using Aruba technologies? We have a B2B client who enrols onto one of our Open Courses, using an email address of their choice. We capture that email address in AAD and they will be sent an invite to join the relevant Teams/O365 resources that apply to them and to reset their initial password. When these clients arrive at campus they connect to our guest Wi-Fi where they self register via our Captive Portal Is there a way that they can use their B2B details that they signed up with originally to log into the guest Wi-Fi? I know last time I looked at this, I could get Clearpass and AAD talking however the authentication token that AAD was sending back after a successful login was just some simple hashed text and I couldn't work out how to intercept that or craft a service/role around it. Has anyone done something like this? Martin ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C020c7434966448c9dadf08d9503f969b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637629056568170328%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=r5U%2FzUFlS3udFdIU5eXCoCD3GBoYrg%2FoyzttBfz%2BRuQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://www.educause.edu/community> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community