Controllerless Networks

last person joined: 14 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Using external captive portal with authentication text

This thread has been viewed 4 times

  • 1.  Using external captive portal with authentication text

    Posted Nov 28, 2016 11:18 AM

    Hi everyone,

     

    I'm having some issues with using the external captive portal. We have configured an SSID with external captive portal and on the captive portal there nothing more than a disclaimer.

     

    I'm having issues with IOS clients and Android clients, but they are having different issues.

     

    With the IOS devices the captive portal sometimes is shown directly when connecting to the SSID but sometimes it shows a blank page or keeps getting redirected back to the disclaimer page after accepting it.

     

    With the Android devices accepting the disclaimer page is not a problem, it gets redirected correctly and after redirect internet access is working.

    But when the device connects and the browser is opened it shows a security warning on the page that was already opened in the browser. After browsing to a website the client is properly redirected to the disclaimer page but the security warning isn't really something we want on the guest network.

     

    Do you guys have any experience with the issues stated above?

    Any help is much appreciated.

     

    If anything about my post is not done correctly please let me know. This is my first post here.



  • 2.  RE: Using external captive portal with authentication text

    EMPLOYEE
    Posted Nov 29, 2016 04:51 AM

    May I ask what version of instant you are running?



  • 3.  RE: Using external captive portal with authentication text

    Posted Nov 29, 2016 05:11 AM

    Hi cjoseph,

     

    i'm testing on two clusters. But getting the same result on both.

    One cluster of IAP 225

    Firmware version: 6.4.2.6-4.1.1.11_52666

    One cluster of IAP 115

    Firmware version: 6.4.2.6-4.1.1.8_50989

     

    I have been digging into it some more and i'm able to make sure the clients don't get a security warning by blocking https in the pre auth role.

    Problem then is when they are in the pre auth role the clients get a timeout on https websites and they are not getting redirected to the external captive portal.

    When they browse to a http website redirection is working fine.

     

    Is it possible to redirect them to a http website when they open the browser, even when they try to open a https website?

     

    Thanks in advance.

     



  • 4.  RE: Using external captive portal with authentication text

    EMPLOYEE
    Posted Nov 29, 2016 05:45 AM
    Unfortunately, this is an industry-wide issue http://community.arubanetworks.com/t5/Wireless-Water-Cooler/How-are-you-all-dealing-with-HSTS/td-p/239328


  • 5.  RE: Using external captive portal with authentication text

    Posted Nov 29, 2016 06:54 AM

    Hi cjoseph,

     

    again thanks for your reply.

    too bad there isn't a way around this.

     

    Are there any alternatives for deploying a captive portal which give a good/better experience on the client?

     

    Thanks in advance.



  • 6.  RE: Using external captive portal with authentication text

    EMPLOYEE
    Posted Nov 29, 2016 09:21 AM

    Well, the preferred way is to allow a client's Captive Portal detection, which typically occurs over http, bring up the page...

     



  • 7.  RE: Using external captive portal with authentication text

    Posted Nov 29, 2016 09:45 AM

    Hmm that doesn't really seem to work for me. In the pre auth role i now have an allow rule for http traffic and a deny any.

    In this configuration i'm getting certificate warnings on https and browsing to http sites is possible but i'm not getting redirected to the captive portal.

     

    Any thoughts on that? Thanks in advance.