This example shows using RADIUS Single Sign-On (RSSO), FortiGate, FortiConnect (for guest portal and RADIUS authentication), and FortiWLC (for providing wireless access). Captive portal users are mapped to user groups on the FortiGate and security policies are applied based on these user groups.
- User authenticates to WLC via a security profile where a RADIUS authentication is established (802.1x / captive portal).
- WLC validates user credentials at RADIUS server.
- RADIUS servers authenticate user for access and sends access-accept back to WLC to allow connection (including class attribute).
- WLC allows device/user to establish wireless connection.
- WLC sends accounting packets to RADIUS server.
- RADIUS server proxies those accounting packets and forwards them to FortiGate.
- FortiGate registers user and maps the user to an RSSO-user group.