Q:
How does IAP External captive portal - Authentication text work?
A: IAP External captive portal is classified into two types:
- Authentication text
- Radius authentication
IAP external captive portal - Authentication text is generally used in scenarios where the end users are allowed to access the network resources by agreeing the terms and conditions or by getting to a specific sponsor page.
When using Authentication Text, we don't POST any information back to the IAP. IAP will be looking out for the "Auth Text" in the Body of the web page loaded by the client.
IAP Config:
Script:
<html>
<head>
IAP External Captive portal - Authentication Text
</head>
<body>
<h2>You are authenticated. Enjoy browsing at Arubanetworks</h2>
<form>
<input type="hidden" id="hidden1" value="Guest_Authenticated">
</form>
</body>
</html>
Workflow:
When the client connect to the wireless, the HTTP or HTTPS traffic is going to hijacked by the IAP and it would be redirected to the captive portal page.
Under the body of the captive portal page, an Hidden text is configured with the auth text value. As you can see from the above example, "Authentication Text" is configured as "Guest_Authenticated" on the IAP.
When the client loads the webpage, the IAP will be searching for the value "Guest_Authenticated"(case sensitive) under the body of the page.
If the value is found, the client would be automatically moved to the post authenticated role.
Usage:
Auth text can be used in scenarios where you would want to display your home page as soon as the user connect to the wireless. In this case, you can pick any unique work from the body of the webpage and configure as auth text.
Note:
Since the IAP will be checking for the auth text in the Body of the webpage, the client would be moved to Post authentication role as soon as the captive portal page loads.
If you would want the user to agree terms and conditions, have the authentication text configured with a unique work in the Body of the redirect page.