Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Captive portal Issues with Android 7 in Central

This thread has been viewed 7 times

  • 1.  Captive portal Issues with Android 7 in Central

    EMPLOYEE
    Posted Jun 23, 2017 07:57 AM

     

    By Geir Leirvik, Aruba Networks Solutions Architect, Norway

     

    During a project with a major customer we came across an issue with a somewhat not so nice error message with the following statement:

     

    exclam.pngSecurity warning

    There is a problem with the security certificate for this site

     

    VIEW CERTIFICATE

     

     

    ----------------------------------

    On other platforms still Android 7 – something along the lines of – You may be under attack  -  Cancel - Proceed (NOT Recommended).

     

    All of this happens during the redirect to the splash page of the captive portal.

     

    This caused some concern and after an extensive TAC case, with myriads of options being discussed, ranging from – “There is nothing we can do – Google has set it up like this” – to “Let us check what is really going on, we may have to involve Google.”

     

    The solution and the outcome was this:

    Central.PNG

     

    You need to whitelist the two following sites:

    https://js-agent.newrelic.com

    https://bam.nr-data.net

    Under the splash page configuration in Aruba Central.

    That being done Android 7 - should work fine and no other platforms should be adversely affected.

    We have tested this with success with:

    iPhone 7 – IOS 10 3.2

    HTC One – Android 6

    Huawei P9 – Android 7

    Huawei P10 – Android 7

    Samsung Galaxy 6 – Android 7

    Samsung Galaxy 8 – Android 7

    Samsung tablet – Android 7

    MacBook Air – MacOS Sierra

    HP EliteBook 840-G1 – Windows 10 (10.10586)

    All the Android 7 platforms were previously affected by the issue.  If you get other certificate like issues go under security – certificates – certificate usage and ensure that you either have a working default certificate or that the chosen certificate matches the URL that you are pushing the credentials to for the IAP.

    Credits- Thank you for your patience and tenacity:

    The customer – you know who you are – we will keep you anonymous to protect the innocent!

    The TAC ERT team: Britto & Co

    Development – the heroes of the hour who analyzed the heck out of this and came up with the suggested whitelisting.  

    Finally and special thanks to Lene´,  Escalations Manager in Norway for keeping us on the straight and narrow.

     

    This apparently was not ever documented by Google – so here we have it.

     

    Oh by the way - the pages are apparently used by Google Analytics and similar services ......