Question: Why does guest users connecting to captive portal SSID get unsecured login page with http in the URL?
Environment: This article applies to Aruba Mobility controllers running ArubaOS version.
Captive portal is one of the methods of authentication supported by ArubaOS. User connecting to captive portal enabled SSID, is presented with a web page that requires user action before network access is granted. It includes user ID and password which must be validated against a database of authorized users.
By default, ArubaOS uses HTTPS for captive portal login page inorder to secure the user credentials that go across during authentication process. But, if "User HTTP for Authentication" is enabled in captive portal profile, controller is forced to present unsecured http login page to guest users.
Following figure shows GUI and CLI images with the "User HTTP for Authentication" highlighted:
Following image list out the command to disable "Use HTTP for Authentication" from Command Line: