Wireless Access

Reply
Occasional Contributor II
Posts: 44
Registered: ‎08-10-2011

Captive Portal: Redirect URL (URL for real web page) not accessible after login

Hello everybody,

 

I have here a standard captive portal wifi setup. We have installed an official tls certificate. Users will be redirected to https://www.example.com, login page is shown, users can authenticate and get access to the internet after successful authentication.

 

Behind the URL in the used certificate https://www.example.com is a real web page.

After successful authentication users will always be redirected to the logon page if they want to access https://www.example.com.

 

Is this normal operation or a bug which is fixed in a higher firmware version?

Using here version 6.4.2.8.

 

Thanks in advance for help.

 

Regards,

kokel

Occasional Contributor II
Posts: 44
Registered: ‎08-10-2011

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

Any hints on this?

 

If further information is needed, please let me know.

 

Regards,

kokel

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

We would need to see the logs.tar for the controller, as well as the HTML redirect that the user sees after authentication to understand what could be happening.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 44
Registered: ‎08-10-2011

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

Hello cjoseph,

 

thanks for your reply. Could you please explain what "normal" operation is.

In a standard captive portal setup I assume that the URL the certificate is issued to (CN/SAN) should be accessibile after successful login?

 

In our setup an authenticated captive portal user can access all destinations in the internet except the URL the certifiacte is issued to. If this URL is requested the user get redirected to the captive portal login page (not logged out). There is just this one redirection to the certificate URL.

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

The controller hijacks all DNS requests for the CN of the installed controller https certificate and replies with the ip address of the controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

Please see the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/Precautions-while-selecting-CN-field-in-the-custom-certificate/ta-p/182816



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 44
Registered: ‎08-10-2011

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

Thanks cjoseph.

 

I know the hijack process the controller does to redirect the user to the login page. But I assumed that the controller does this if the user isn't authenticated, only.

 

So this is by design that the URL in the certificate must not an url with an real Website behind?

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Captive Portal: Redirect URL (URL for real web page) not accessible after login

The URL in the certificate is typically supposed to point to the controller, not another website.  The controller hijacks this address for authenticated as well as unauthenticated users.  The built-in certificate below is securelogin.arubanetworks.com.  As an authenticated user, if I do an nslookup, it returns the ip address of the controller, whether I am authenticated or not:

 

nslookup
> securelogin.arubanetworks.com
Server:		8.8.8.4
Address:	8.8.8.4#53

Non-authoritative answer:
Name:	securelogin.arubanetworks.com
Address: 192.168.1.3
> 


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: