Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal: Redirect URL (URL for real web page) not accessible after login

This thread has been viewed 3 times

  • 1.  Captive Portal: Redirect URL (URL for real web page) not accessible after login

    Posted Feb 26, 2016 08:50 AM

    Hello everybody,

     

    I have here a standard captive portal wifi setup. We have installed an official tls certificate. Users will be redirected to https://www.example.com, login page is shown, users can authenticate and get access to the internet after successful authentication.

     

    Behind the URL in the used certificate https://www.example.com is a real web page.

    After successful authentication users will always be redirected to the logon page if they want to access https://www.example.com.

     

    Is this normal operation or a bug which is fixed in a higher firmware version?

    Using here version 6.4.2.8.

     

    Thanks in advance for help.

     

    Regards,

    kokel



  • 2.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    Posted Mar 01, 2016 05:30 AM

    Any hints on this?

     

    If further information is needed, please let me know.

     

    Regards,

    kokel



  • 3.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    EMPLOYEE
    Posted Mar 01, 2016 06:19 AM

    We would need to see the logs.tar for the controller, as well as the HTML redirect that the user sees after authentication to understand what could be happening.



  • 4.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    Posted Mar 01, 2016 06:55 AM

    Hello cjoseph,

     

    thanks for your reply. Could you please explain what "normal" operation is.

    In a standard captive portal setup I assume that the URL the certificate is issued to (CN/SAN) should be accessibile after successful login?

     

    In our setup an authenticated captive portal user can access all destinations in the internet except the URL the certifiacte is issued to. If this URL is requested the user get redirected to the captive portal login page (not logged out). There is just this one redirection to the certificate URL.



  • 5.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    EMPLOYEE
    Posted Mar 01, 2016 07:19 AM

    The controller hijacks all DNS requests for the CN of the installed controller https certificate and replies with the ip address of the controller.



  • 6.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    EMPLOYEE


  • 7.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login

    Posted Mar 01, 2016 07:34 AM

    Thanks cjoseph.

     

    I know the hijack process the controller does to redirect the user to the login page. But I assumed that the controller does this if the user isn't authenticated, only.

     

    So this is by design that the URL in the certificate must not an url with an real Website behind?



  • 8.  RE: Captive Portal: Redirect URL (URL for real web page) not accessible after login
    Best Answer

    EMPLOYEE
    Posted Mar 01, 2016 07:38 AM

    The URL in the certificate is typically supposed to point to the controller, not another website.  The controller hijacks this address for authenticated as well as unauthenticated users.  The built-in certificate below is securelogin.arubanetworks.com.  As an authenticated user, if I do an nslookup, it returns the ip address of the controller, whether I am authenticated or not:

     

    nslookup
> securelogin.arubanetworks.com
Server:		8.8.8.4
Address:	8.8.8.4#53

Non-authoritative answer:
Name:	securelogin.arubanetworks.com
Address: 192.168.1.3
>