04-09-2012 11:08 AM
We are having problems with some users using Linux and Firefox when trying to authenticate on Captive Portal.
I know about issues related to OCSP and Firefox. We have solved this issue by adding OCSP servers to bypass the captive portal in the "guest" role.
The issue only happens when users connect to the Captive Portal SSID using a proxy (squid) setting in Firefox.
Since the user's browser sends the OCSP validation over the proxy connection, the OCSP connection receives the 302 redirection to the portal too.
I've captured the traffic using Wireshark and can see the following steps:
1- User gets an IP address via DHCP
2- User tries to access some web site (in this case www.cnn.com)
3- User connects to the proxy and tries to access www.cnn.com
4- Aruba Controller sends an HTTP 302 redirect to the captive portal
5- Since the Captive Portal is HTTPS, Firefox needs to validate the certificate
6- Firefox sends - via proxy - the validation to the OCSP server (http://ocsp.comodoca.com)
7- The Aruba Controller again sends the HTTP 302 to redirect the request.
8- Firefox starts step 5 again in a loop. After 3 attempts, the user receives a connection error in Firefox
This only happens in the Firefox browser.
Has anyone else gone through this?
04-10-2012 02:35 AM
Have you tried adding an exception in your proxy configuration within the browser so that 'securelogin.arubanetworks.com' does not go to the proxy?
I've had similar problems which were resolved by ensuring the Aruba redirect URL was bypassing the proxy.
Hope this helps
ACDX #98 | ACMP | ACCP
04-10-2012 05:58 AM
Yes... If we put the domain on bypass, it works.
The strange behavior is that even when the error happens, if the user refreshes (F5) the page, the portal works fine! (Even without the URL bypass.)
Do you know an easy way to set up the URL bypass automatically for all users? (The customer is a university, so we have thousands of users.) The only way that I found is to create a .pac file and distribute it using DHCP option 252.
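A sketch of the kind of .pac file the last post mentions, as an added example that is not part of the thread: it sends the captive portal host straight to the controller and everything else to the proxy. The proxy address `proxy.example.edu:3128` is a placeholder assumption, and the helper names are hypothetical; only `securelogin.arubanetworks.com` comes from the posts above.

```javascript
// Added example (not from the thread): proxy auto-config file for clients
// that sit behind the captive portal and use a squid proxy.

// Assumption: placeholder address for the site's squid proxy.
var PROXY = "PROXY proxy.example.edu:3128";

// Hosts the browser must reach without the proxy, so the controller sees
// the request itself. Other hosts allowed in the pre-authentication role
// could be listed here as well.
var DIRECT_HOSTS = [
  "securelogin.arubanetworks.com" // portal redirect host named in the thread
];

// Lower-case the host and drop a trailing dot so "HOST.EXAMPLE." and
// "host.example" compare equal.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// Exact match only: a suffix or substring test would also send lookalike
// names such as "securelogin.arubanetworks.com.example.net" direct.
function isDirectHost(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (h === DIRECT_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  if (isDirectHost(host)) {
    return "DIRECT";
  }
  return PROXY;
}
```

Browsers that honour DHCP option 252 fetch this file from the URL the option carries; Firefox only does so when its proxy setting is on auto-detect or points at the PAC URL.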