Security

Reply
Occasional Contributor II
Posts: 19
Registered: ‎02-15-2014

Cross Domain Requests Support on Mobility Controller

Hi, I am implementing an external CP solution where the clients via javascript perform HTTP POST to login and logout of the MC. The MC is being referenced using the domain securelogin.arubanetworks.com . I am getting the error "Access-Controll-Allow-Origin" header is present on the requested resource when a client tries to post a logout to - https://securelogin.arubanetworks.com/auth/logout.html . I after research on the web I note that it seems the controller is set to disallow cross domain requests. How can I overcome this issue? Thanks, William
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: Cross Domain Requests Support on Mobility Controller

What is your exect HTML for logout that generates the error?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 19
Registered: ‎02-15-2014

Re: Cross Domain Requests Support on Mobility Controller

Hi Colin,

 

Am not sure what you are asking for however, as I have indicated earlier we use the following html to logout the user: https://secrurelogin.arubanetworks.com/auth/logout.html by prompting the client to logout.

 

BR,

 

William

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: Cross Domain Requests Support on Mobility Controller

interesting question, im not 100% sure that the logoff function works when you use an external system for the login part.

Occasional Contributor II
Posts: 19
Registered: ‎02-15-2014

Re: Cross Domain Requests Support on Mobility Controller

Hi boneyard,

 

I now don't get the CORS error, and note the HTTPS POST hits the captiveportal session acl rule for dst-nat to 8081, however WebAuth is not working (can't see the radius auth sent to my the radius server group).

 

BR,

Occasional Contributor II
Posts: 19
Registered: ‎02-15-2014

Re: Cross Domain Requests Support on Mobility Controller

Hi, 

 

Still have the problem.

 

Client doing a logout post initiated by javascript as follows:

 

$(document).ready(function()
{
$.support.cors = true;
callGeneral();
});

function dologout()
{
if (confirm("Do You Wish To Log Out?"))
{
$.post(
"https://captiveportal-login.domain.com/auth/logout.html",
function(data)
{
},"text"
);
$.post(
"/hspi/logout.jsp?rand="+Math.random(),
function(data)
{
window.location="http://portal.domain.com/hspi/";
},"text"
);
}
}

 

Is this failing because the login post is sent from a different origin (portal.domain.com) to the controller's origin (captiveportal-login.domain.com)? (Please note I have updated the default SSL certificate also with a wild card in the CN - *.domain.com .

 

If the issues related to the controller's web server rejecting the cross origin request, then can the controller's web server be configured to allow this origin -portal.domain.com?

 

BR,

 

 

Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: Cross Domain Requests Support on Mobility Controller

I read your post and I'm trying to answer based on what you are asking.

 

When you use a wildcard cert, BOTH the login and logout should post to "captiveportal-login.domain.com".  As you know, when you use a wildcard certificate, the controller resolves all DNS requests for captiveportal-login.domain.com to the controller's switchip and then logs out the user.   First, replace with captiveportal-login.domain.com with the ip address of the local controller and see if it works.  If it does not work, you have another issue, like routing, or you need to change the ip cp-redirect-address on that local controller to an ip address on a vlan on that controller that is routable to the client..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: