How can I use PHP on my external captive portal page to authorize a new user?
Product and Software: This article applies to all Aruba controllers and ArubaOS 220.127.116.11 or later.
To use an external captive portal server, you must either:
- be running ArubaOS 18.104.22.168 or higher
- purchase an ESI (External Services Interface) license for your Aruba controller
Attached is a sample script using PHP and cURL on an external, Linux-based web server. The premise is to use XML to send a "USER ADD" or "USER DENY" message to the originating controller. The IP address used in the URL query is for the controller that the wireless client originated on when making the initial login. If a wireless client roams to another controller while on the network, the authentication must be started again. The USER ADD is only valid for the originating controller query.
To provision an external server as your captive portal, follow these steps.
1) You must set the XML API server parameter in the XML API server profile as shown in the following screen shot. Add the IP address, not DNS name, of the external web server you will be using.
2) Click the newly added IP address and type in the shared key between the external web server and the controller. This configuration must be added on all controllers that will use this server for external authentication.
3) Edit your captive portal profile to reflect both the URL and method as shown in the following screen shot.
4) Note that you can select whether you would like to use a welcome page from the external server. You MUST select the "Adding switch ip address in redirection URL" check box. Without this, your authentication will not work properly.
5) You need to configure the following two attached files from a sample PHP authentication scheme: index.php and authenticate-redirect.php. The index file can show your acceptable use policy or other information you would like to display to the prospective client. The authenticate-redirect file does the actual authentication (using cURL) and the redirection to the original URL requested by the wireless client.
Within the files, areas are noted that need to be configured based on your network topology.
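The "USER ADD" exchange described above, written as an added PHP example; it is not one of the attached sample files. The `/auth/command.xml` path, the XML element names, the raw `xml=` POST body, the reply format and the `switchip`/`ip` query parameter names are assumptions to check against your ArubaOS release, and the controller addresses are constructed.

```php
<?php
// Added example, not the attached Aruba sample. Endpoint path, XML element
// names and reply format are assumptions; check them for your ArubaOS release.
const ALLOWED_CONTROLLERS = ['192.0.2.10', '192.0.2.11']; // constructed addresses

function build_user_add(string $clientIp, string $userName, string $sharedKey): string
{
    if (filter_var($clientIp, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('client IP is not a valid address');
    }
    // Escape free-text values so they cannot inject extra XML elements.
    $esc = fn(string $v): string => htmlspecialchars($v, ENT_XML1 | ENT_QUOTES, 'UTF-8');
    return '<aruba command="user_add">'
        . '<ipaddr>' . $clientIp . '</ipaddr>'
        . '<name>' . $esc($userName) . '</name>'
        . '<key>' . $esc($sharedKey) . '</key>'
        . '<authentication>cleartext</authentication>'
        . '<version>1.0</version></aruba>';
}

function controller_accepted(string $reply): bool
{
    // Assumed reply shape: <aruba><status>Ok</status>...</aruba>
    $doc = @simplexml_load_string($reply);
    return $doc !== false && strcasecmp(trim((string) $doc->status), 'Ok') === 0;
}

function send_user_add(string $controllerIp, string $xml): bool
{
    // The controller address arrives in the redirect query string, so the
    // client controls it. Only send the shared key to controllers you own.
    if (!in_array($controllerIp, ALLOWED_CONTROLLERS, true)) {
        throw new RuntimeException('controller is not on the allowlist');
    }
    $ch = curl_init('https://' . $controllerIp . '/auth/command.xml');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'xml=' . $xml,
        CURLOPT_HTTPHEADER     => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_SSL_VERIFYPEER => true, // needs a controller certificate your CA bundle trusts
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $reply = curl_exec($ch);
    return is_string($reply) && controller_accepted($reply);
}

// In authenticate-redirect.php, after your own credential check succeeds:
// $ok = send_user_add($_GET['switchip'], build_user_add($_GET['ip'], $user, $key));
```

Redirect the client to the originally requested URL only when `send_user_add()` returns true, and log rejected controller addresses, since the shared key is valid on every controller configured with it.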