hi Boneyard
External CP is external text only, i.e. there doesnt have to be anything posted back to the IAP, the auth text is just 'text', whether it appears in the body (and not the http header, see below). The presumption is that some auth is happening on the external CP and then it just responds with some token.
Consider the following config, where .245 is a linux box with apache + php
wlan external-captive-portal lab-cp
server 192.168.1.245
port 80
url "/iap-cp/cp.php"
auth-text "AUTHZ"
auto-whitelist-disable
!
The VAP is set to external CP auth. You can use the below php script to test various scenarios, noting that the httpd header one (X-something: AUTHZ) does not work - it is included for completeness.
<?php
header("Cache-Control: no-cache");
header("Pragma: no-cache");
# this doesnt work - included for completeness
if (preg_match("/smh\.com/", $_GET["url"])) {
header("X-Aruba-IAP: AUTHZ");
header("Refresh: 3; http://wired.com/");
}
?>
<html>
<head></head>
<body>
<?php
$ip = $_GET["ip"];
$url = $_GET["url"];
$ap = $_GET["apname"];
$vc = $_GET["vcname"];
echo "CP request from [$ip] on VC [$vc] / AP [$ap] <br>
";
echo "URL: $url <br><br>
";
if (preg_match("/cnn\.com/", $url)) {
echo "<a href=>words words words</a> <br>";
echo "here is the auth text AUTHZ<br>
";
echo "now browse to some other site <a href=\"http://google.com\">google.com</a><br>
";
}
else if (preg_match("/abc\.com/", $url)) {
echo "there is an empty div after this<br>
";
echo "<div id=AUTHZ></div>
";
echo "now browse to some other site <a href=\"http://slate.com\">slate.com</a><br>
";
}
else {
echo "You are stuck in the captive portal..... <br><br>
";
echo "go to <a href=\"http://cnn.com\">cnn.com</a> to generate inline cp text<br>
";
echo "go to <a href=\"http://smh.com.au\">smh.com.au</a> to generate http header cp text<br>
";
echo "go to <a href=\"http://abc.com\">abc.com</a> to generate html element cp text<br>
";
}
?>
</body>
</html>
and from IAP CLI we can watch the state change from "external cp" to iap-cp
android 192.168.1.33 e8:50:8b:11:11:11 Android iap-cp 18:64:72:22:22:22 60+ AN External CP 0(poor) 0(poor)
android 192.168.1.33 e8:50:8b:11:11:11 Android iap-cp 18:64:72:22:22:22 60+ AN iap-cp 22(good) 162(good)
my contrived checking of the URL could be a database lookup, a form that posts more info to the external CP server (make sure to whitelist), time of day check etc.
regards
-jeff