Contributor II

User with explicit web proxy get error on Captive Portal Authentication

Hi,

We are having problems with some users using Linux and Firefox when trying to authenticate on the Captive Portal.
I know about the issues related to OCSP and Firefox. We have solved this issue by adding the OCSP servers to the captive portal bypass in the "guest" role.
The issue only happens when users connect to the Captive Portal SSID using a proxy (squid) setting in Firefox.
Since the user's browser sends the OCSP validation over the proxy connection, the OCSP connection receives the 302 redirect to the portal too.

I've captured the traffic using Wireshark and can see the following steps:

1- The user gets an IP address via DHCP
2- The user tries to access some website (in this case www.cnn.com)
3- The user connects to the proxy and tries to access www.cnn.com
4- The Aruba Controller sends an HTTP 302 redirect to the captive portal
5- Since the Captive Portal is HTTPS, Firefox needs to validate the certificate
6- Firefox sends, via the proxy, the validation request to the OCSP server (http://ocsp.comodoca.com)
7- The Aruba Controller again sends the HTTP 302 to redirect the request.
8- Firefox starts step 5 again in a loop. After 3 attempts, the user receives the connection error in Firefox

This only happens in the Firefox browser.

Has anyone gone through this?

Regards,

Paulo Raponi

MVP

Re: User with explicit web proxy get error on Captive Portal Authentication

Hi Paulo,

Have you tried adding an exception in your proxy configuration within the browser so that 'securelogin.arubanetworks.com' does not go to the proxy?

I've had similar problems which were resolved by ensuring the Aruba redirect URL was bypassing the proxy.

Hope this helps


David
ACDX #98 | ACMP | ACCP
Contributor II

Re: User with explicit web proxy get error on Captive Portal Authentication

Hi David,

Yes... If we put the domain on bypass, it works.

The strange behavior is that even when the error happens, if the user refreshes (F5) the page, the portal works fine! (Even without the URL bypass.)

Do you know an easy way to set the URL bypass automatically for all users? (The customer is a university, so we have thousands of users.) The only way that I found is to create a .pac file and distribute it using DHCP option 252.

Thanks,

Regards,

Paulo Raponi
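
A sketch of the .pac file discussed in this thread, added here as an example and not posted by either participant: it sends the portal host and the OCSP responder named above DIRECT and everything else to the proxy. The proxy address `proxy.example.edu:3128` and the helper names are assumptions, and sending OCSP direct assumes the "guest" role already permits the OCSP servers, as the first post describes.

```javascript
// Example PAC file (added illustration, not from the thread).
// Assumption: the squid proxy listens at proxy.example.edu:3128 (hypothetical).
var PROXY = "PROXY proxy.example.edu:3128";

// Hosts that must not be sent to the proxy before the user has authenticated.
var DIRECT_HOSTS = [
  "securelogin.arubanetworks.com", // portal redirect host named in the thread
  "ocsp.comodoca.com"              // OCSP responder seen in the capture
];

// Lower-case the host and drop a trailing dot so "OCSP.Comodoca.com."
// compares equal to the list entry.
function normalizeHost(host) {
  host = String(host || "").toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host;
}

// Exact match only: a look-alike name such as
// securelogin.arubanetworks.com.example.net still goes through the proxy.
function isDirectHost(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (h === DIRECT_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isDirectHost(host)) {
    return "DIRECT";
  }
  return PROXY;
}
```
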

 
