Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Configure the email link

In Guest Manager when Self Registration Requests are sent to sponsors, the email messages contain links for the sponsor to either automatically accept or deny the request, or to login to the Admin UI to do this. In both cases, the default links provided use non-secure HTTP access. If you are using an SSL certificate to secure the FortiNAC Admin UI and you block access to HTTP for Admin Users, the links used in emails to Sponsors for guest self-registration must use https.

The link contained in the email is composed by FortiNAC. The link contains the URL of the FortiNAC server or Control server. In a High Availability environment with an L3 configuration where redundant FortiNAC servers are on different subnets and do not use a shared IP address the URL should contain the FQDN of the correct FortiNAC server or control server.

To configure FortiNAC to use https and the FQDN of the server in the email links you must modify a property file on the FortiNAC server. There are two options that can be set in several different ways. See the table below:

Property

Definition

com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=

Embeds the FQDN of the FortiNAC Server or Control Server in the URL used in the email link.

Typically FortiNAC can determine the FQDN, however if there is an issue the FQDN can be configured here.

If this property is configured the EmailLinkUseHttps property shown below is ignored. Therefore, if https and port 8443 are required, they must also be configured here.

com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=

Indicates whether to use HTTPS and port 8443 or HTTP and port 8080 in embedded email links.

If this is blank or false, HTTP and port 8080 are used.

If this is set to true, HTTPS and port 8443 are used.

Modify the property file as follows:

  1. Log into the CLI as root on your FortiNAC Server or Control Server.
  2. Navigate to the following directory: /bsc/campusMgr/master_loader/
  3. Using vi or another editor, open the .masterPropertyFile file.
  4. At the top of the file there is a sample entry that is commented out. Follow the syntax of the sample entry to create your own changes using one of the following examples:

    Example 1

    To configure email links to use https and port 8443 set EmailLinkUseHttps to true:

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=true

    }

    Example 2

    To configure email links to use the FQDN of the FortiNAC Server or Control Server add the information to the EmailLinkHost property.

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=http://<FQDN>:8080

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=

    }

    Example 3

    To configure email links to use the FQDN of the FortiNAC Server or Control Server and use https and port 8443 add the information to the EmailLink Host property.

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=https://<FQDN>:8443

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=true

    }

  5. Save the changes to the file.
  6. Restart the FortiNAC Server. When the server restarts the changes listed in the .masterPropertyFile are written to the selfRegRequest.properties file.
  7. Log into the CLI of the FortiNAC Server or Control Server and navigate to the following directory: /bsc/campusMgr/master_loader/properties_plugin/
  8. View the contents of selfRegRequest.properties and verify that the changes have been written to the file. At the prompt type: cat selfRegRequest.properties

Configure the email link

In Guest Manager when Self Registration Requests are sent to sponsors, the email messages contain links for the sponsor to either automatically accept or deny the request, or to login to the Admin UI to do this. In both cases, the default links provided use non-secure HTTP access. If you are using an SSL certificate to secure the FortiNAC Admin UI and you block access to HTTP for Admin Users, the links used in emails to Sponsors for guest self-registration must use https.

The link contained in the email is composed by FortiNAC. The link contains the URL of the FortiNAC server or Control server. In a High Availability environment with an L3 configuration where redundant FortiNAC servers are on different subnets and do not use a shared IP address the URL should contain the FQDN of the correct FortiNAC server or control server.

To configure FortiNAC to use https and the FQDN of the server in the email links you must modify a property file on the FortiNAC server. There are two options that can be set in several different ways. See the table below:

Property

Definition

com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=

Embeds the FQDN of the FortiNAC Server or Control Server in the URL used in the email link.

Typically FortiNAC can determine the FQDN, however if there is an issue the FQDN can be configured here.

If this property is configured the EmailLinkUseHttps property shown below is ignored. Therefore, if https and port 8443 are required, they must also be configured here.

com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=

Indicates whether to use HTTPS and port 8443 or HTTP and port 8080 in embedded email links.

If this is blank or false, HTTP and port 8080 are used.

If this is set to true, HTTPS and port 8443 are used.

Modify the property file as follows:

  1. Log into the CLI as root on your FortiNAC Server or Control Server.
  2. Navigate to the following directory: /bsc/campusMgr/master_loader/
  3. Using vi or another editor, open the .masterPropertyFile file.
  4. At the top of the file there is a sample entry that is commented out. Follow the syntax of the sample entry to create your own changes using one of the following examples:

    Example 1

    To configure email links to use https and port 8443 set EmailLinkUseHttps to true:

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=true

    }

    Example 2

    To configure email links to use the FQDN of the FortiNAC Server or Control Server add the information to the EmailLinkHost property.

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=http://<FQDN>:8080

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=

    }

    Example 3

    To configure email links to use the FQDN of the FortiNAC Server or Control Server and use https and port 8443 add the information to the EmailLink Host property.

    FILE_NAME=./properties_plugin/selfRegRequest.properties

    {

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=https://<FQDN>:8443

    com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkUseHttps=true

    }

  5. Save the changes to the file.
  6. Restart the FortiNAC Server. When the server restarts the changes listed in the .masterPropertyFile are written to the selfRegRequest.properties file.
  7. Log into the CLI of the FortiNAC Server or Control Server and navigate to the following directory: /bsc/campusMgr/master_loader/properties_plugin/
  8. View the contents of selfRegRequest.properties and verify that the changes have been written to the file. At the prompt type: cat selfRegRequest.properties