Aruba Instant & Cloud Wi-Fi

Reply
Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

IAP and external Captive Portal

Hi,

Is there the API description for external captive portal usage with IAP? It is not the same as in "normal" controller unfortunatelly. I tried to do reverse engineering and found some parameters but an official document will be helpful.

Many regards,

Marek

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Moderator
Posts: 150
Registered: ‎11-14-2011

Re: IAP and external Captive Portal

Marek,

The IAP captive portal although implemented slightly differently to the ArubaOS captive portal is designed to emulate the same workflow. For example, on the Amigopod external captive portal pages, they are still configured with the same Aruba Networks vendor settings.

 

The Wi-Fi client is still responsible for performing a HTTP POST to the IAP virtual controller on securelogin.arubanetworks.com or instant.arubanetworks.com.

 

Let us know if you need any more help in getting your solution up and running.

 

Cam.

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: IAP and external Captive Portal

Hi Cam,

Thank you for your response.

I made a test environment for reverse engineering with fake web server and Amigopod. I caught what is posted to authentication server by IAP.

array(8) { ["cmd"]=> string(5) "login" ["mac"]=> string(17) "e0:46:9a:ad:61:16" ["essid"]=> string(9) "testguest" ["ip"]=> string(14) "192.168.11.141" ["url"]=> string(29) "http://www.gazeta.pl/0,0.html" ["GazetaPlBann"]=> string(33) "9114dbe67f44e8512e82452430669114d" ["__utma"]=> string(54) "231422089.483507561.1288819092.1291581717.1321613902.4" ["GazetaPlUser"]=> string(25) "172A20A6A67k1321613897417" }

 

The Amigopod returns something like that:

POST /cgi-bin/login HTTP/1.1
Host: instant.arubanetworks.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://10.1.75.27/aruba_iap.php
Cookie: _mkto_trk=id:009-RUR-657&token:_mch-arubanetworks.com-1314260587714-64535; VISITORID=736679627
Content-Type: application/x-www-form-urlencoded
Content-Length: 184

user=jasio%40aaa.com&password=58664548&cmd=authenticate&mac=e8%3A39%3Adf%3A3f%3A0d%3A56&essid=testguest&ip=192.168.11.101&url=http%3A%2F%2Fwww.gazeta.pl%2F0%2C0.html&Login=%22Log+In%22

 

I would like to know that there are all parameters used or what is the parameter set.

Amigopod configuration requires the RADIUS server.

There is another option in IAP with 'Authentication text' on page where guest portal parameters are defined. I suppose that it works similarly to ArubaOS XML API, but I am not sure, what is proper set of parameters to POST to the IAP.

Many regards,

Marek

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Moderator
Posts: 150
Registered: ‎11-14-2011

Re: IAP and external Captive Portal

Marek,

 

You are on the right track. You have two options in terms of triggering the authenticted user state.

 

The default and the one that Amigopod leverages is the RADIUS protocol support in Instant 2.0. The alternative is the authentication text and this is a very simple method of signalling to the IAP that you have successfully authenitcated the user in question internally on your web server. All you need to do is define a string on the IAP splash page configuration and the IAP will parse any returned page and search for that string. If found the IAP will consider the user authenticated and change the role of the user to your defined authenticated role.

 

Going down the later path avoids the need to POST any parameters to the IAP as part of the authentication process.

 

Cam.

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: IAP and external Captive Portal


-cam- wrote:
[...]

 

 All you need to do is define a string on the IAP splash page configuration and the IAP will parse any returned page and search for that string. If found the IAP will consider the user authenticated and change the role of the user to your defined authenticated role.

 

Going down the later path avoids the need to POST any parameters to the IAP as part of the authentication process.

 

 


Hmmm, I do not understand, how it works... How should I return page to the IAP? Or should I return the page to the user and IAP just parsed it looking for a text 'Authenticated' which was typed in 'Authentication text:' box on the IAP?

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: IAP and external Captive Portal

OK, I am moron. It works for me :) Thank you very much.

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Moderator
Posts: 150
Registered: ‎11-14-2011

Re: IAP and external Captive Portal

Marek,

 

Good to hear it is all working ok for you now. Sounds like you are working on an interesting project with the IAP. Can you share any details on what sort of user experience you are building with your external splash page server.

 

Cam.

New Contributor
Posts: 1
Registered: ‎04-13-2009

Re: IAP and external Captive Portal

I'm working on a similar configuration. I want to use the "External - Authentication Text" for captive portal. Do you have a document that explains what I need externally, and how to configure it?

New Contributor
Posts: 1
Registered: ‎07-05-2013

Re: IAP and external Captive Portal

Any update to this topic? I see that a solution has been identified, but it does not detail the settings required on the IAP to make this work, nor provide a sample of the code used on the webserver for the captive portal page.

 

Any help is GREATLY appreciated! I am stumped!

 

-Landon

Senior Network Systems Analyst

County of Nevada

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: IAP and external Captive Portal

Hi, 

There are two options. When you would like to use "Auth text" option you just have to provide the same string as configured,  somewhere at your Web Page where huser has been authenticated.
Second option is little bit more complicated. You have additional RADIUS server to authenticate users (you can use CPPM/GM at your convenience). The scheme is as follows:

User types his/her credentials and submit a form
Form has to be POST form that contains elements that were mentioned previously in this thread.
IAP process request by querying RADIUS
RADIUS accepts/declines creds
User has been authenticated and redirected to requested/configured page 

 

HTH

Marek

 

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Search Airheads
Showing results for 
Search instead for 
Did you mean: