Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cross Domain Requests Support on Mobility Controller

  • 1.  Cross Domain Requests Support on Mobility Controller

    Posted Dec 15, 2014 07:09 AM
    Hi, I am implementing an external CP solution where the clients via javascript perform HTTP POST to log in and log out of the MC. The MC is being referenced using the domain securelogin.arubanetworks.com. I am getting the error "Access-Control-Allow-Origin" header is present on the requested resource when a client tries to post a logout to https://securelogin.arubanetworks.com/auth/logout.html. After research on the web I note that it seems the controller is set to disallow cross domain requests. How can I overcome this issue? Thanks, William


  • 2.  RE: Cross Domain Requests Support on Mobility Controller

    EMPLOYEE
    Posted Dec 15, 2014 07:31 AM

    What is your exact HTML for logout that generates the error?

     



  • 3.  RE: Cross Domain Requests Support on Mobility Controller

    Posted Dec 15, 2014 08:48 AM

    Hi Colin,

     

    I am not sure what you are asking for; however, as I have indicated earlier, we use the following HTML to log out the user: https://secrurelogin.arubanetworks.com/auth/logout.html by prompting the client to log out.

     

    BR,

     

    William



  • 4.  RE: Cross Domain Requests Support on Mobility Controller

    Posted Dec 21, 2014 11:03 AM

    Interesting question, I'm not 100% sure that the logoff function works when you use an external system for the login part.



  • 5.  RE: Cross Domain Requests Support on Mobility Controller

    Posted Jan 28, 2015 10:04 AM

    Hi boneyard,

     

    I now don't get the CORS error, and note the HTTPS POST hits the captiveportal session ACL rule for dst-nat to 8081; however, WebAuth is not working (can't see the RADIUS auth sent to my RADIUS server group).

     

    BR,



  • 6.  RE: Cross Domain Requests Support on Mobility Controller

    Posted Mar 14, 2015 07:21 AM

    Hi, 

     

    Still have the problem.

     

    Client doing a logout post initiated by javascript as follows:

     

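    $(document).ready(function()
    {
        // Tell jQuery to attempt cross-domain XHR even if it did not detect CORS support
        $.support.cors = true;
        callGeneral();
    });

    function dologout()
    {
        if (confirm("Do You Wish To Log Out?"))
        {
            // Cross-origin POST to the controller's logout page
            $.post(
                "https://captiveportal-login.domain.com/auth/logout.html",
                function(data)
                {
                }, "text"
            );
            // Same-origin POST to the portal's own logout, then return to the portal
            $.post(
                "/hspi/logout.jsp?rand=" + Math.random(),
                function(data)
                {
                    window.location = "http://portal.domain.com/hspi/";
                }, "text"
            );
        }
    }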

     

    Is this failing because the login post is sent from a different origin (portal.domain.com) to the controller's origin (captiveportal-login.domain.com)? (Please note I have also updated the default SSL certificate with a wildcard in the CN - *.domain.com.)

     

    If the issue is related to the controller's web server rejecting the cross origin request, then can the controller's web server be configured to allow this origin - portal.domain.com?

     

    BR,

     

     



  • 7.  RE: Cross Domain Requests Support on Mobility Controller

    EMPLOYEE
    Posted Mar 14, 2015 08:37 AM

    I read your post and I'm trying to answer based on what you are asking.

     

    When you use a wildcard cert, BOTH the login and logout should post to "captiveportal-login.domain.com".  As you know, when you use a wildcard certificate, the controller resolves all DNS requests for captiveportal-login.domain.com to the controller's switchip and then logs out the user.   First, replace captiveportal-login.domain.com with the IP address of the local controller and see if it works.  If it does not work, you have another issue, like routing, or you need to change the ip cp-redirect-address on that local controller to an IP address on a VLAN on that controller that is routable to the client.
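
Added example, not part of any post in this thread and not Aruba code: a small model of the browser-side check behind the error in posts 1 and 6, using the host names quoted there. The response header values are constructed, and `corsDecision` is a hypothetical helper; nothing here reflects what the controller's web server actually sends or can be configured to send.

```javascript
// Content types and methods that a browser sends cross-origin without a preflight.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// An origin is scheme + host + port. The TLS certificate (wildcard or not)
// plays no part in the comparison.
function originOf(url, base) {
  return new URL(url, base).origin;
}

// pageUrl: the page running the script; targetUrl: where the XHR goes.
// opts.responseHeaders: lower-cased header names from the target's response (constructed here).
function corsDecision(pageUrl, targetUrl, opts = {}) {
  const {
    method = "POST",
    contentType = "application/x-www-form-urlencoded; charset=UTF-8",
    customHeaders = [],
    credentials = false,
    responseHeaders = {},
  } = opts;
  const pageOrigin = originOf(pageUrl);
  const crossOrigin = pageOrigin !== originOf(targetUrl, pageUrl);
  if (!crossOrigin) {
    return { crossOrigin, preflight: false, responseReadable: true };
  }
  // A "simple" request is delivered to the server with no OPTIONS preflight;
  // CORS then only decides whether the script may read the response.
  const mime = contentType.split(";")[0].trim().toLowerCase();
  const preflight = !(SIMPLE_METHODS.has(method.toUpperCase()) &&
    SIMPLE_TYPES.has(mime) && customHeaders.length === 0);
  const acao = responseHeaders["access-control-allow-origin"];
  const acac = responseHeaders["access-control-allow-credentials"];
  // With credentials, "*" is not accepted and Allow-Credentials must be "true".
  const responseReadable = credentials
    ? acao === pageOrigin && acac === "true"
    : acao === "*" || acao === pageOrigin;
  return { crossOrigin, preflight, responseReadable };
}

// The two POSTs from post 6, issued from the portal page.
const PAGE = "http://portal.domain.com/hspi/";
const MC_LOGOUT = "https://captiveportal-login.domain.com/auth/logout.html";
console.log(corsDecision(PAGE, MC_LOGOUT));
console.log(corsDecision(PAGE, "/hspi/logout.jsp?rand=0.5"));
```

For the controller logout POST this reports a cross-origin request with no preflight whose response the script may not read, while the `/hspi/logout.jsp` POST is same-origin. The `*.domain.com` certificate does not enter the comparison.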