Developer Community

Reply
Highlighted
New Contributor

Untrusted source error on AngularJS External Captive Portal

I've developed an external captive portal using the angularJS platform. I'm running the captive portal on a server that's connected via an ethernet cable to my fios router. I've defined a guest user WLAN on an Aruba 303HR IAP that is configured to redirect an internet access to the external captive portal.

 

When I connect a device to the guest user SSID and attempt to access the internet. The shell of the Captive Portal web page is displayed on the device's screen but the content of components of the web page are not displayed. The angular client-side software attempts to access the html template files for these components but returns an error as follows:

 

Transition Rejection($id: 0 type: 6, message: The transition errored, detail: Error: [$sce:insecurl]. This error is defined as follows in Angular documentation - Processing of a Resource from Untrusted Source Blocked.

 

The template html file accessed by angularJS is on the same server as the Captive Portal's index.html file. It is in a subdirectory of the Captive Portal root directory.

 

As noted above, the server that cotains the Captive Portal application is within the same LAN as the Aruba IAP. They are both connected to the same router.

 

Has anyone else experienced this problem? Any suggestions for the fix?

 

Thanks,

 

Robert Willner

 

MVP Guru

Re: Untrusted source error on AngularJS External Captive Portal

I don't have experience with this specific framework, but as soon as I see frameworks, I see many times where parts of it (like jQuery and other libraries) are downloaded from external sources like S3 buckets, or other CDN locations.

 

If you are in a captive portal role, you cannot access any of those locations, unless you have allowed those through. A proper first step would be to remove the captive portal redirect for now and see if the portal works. If it doesn't work there, you will need to go back and fix that first. Once it works without captive portal redirects, you could open your browser developer tools and see which objects are loaded from what servers/locations and create a guest pre-authentication role that allows all of that traffic through without being redirected.

 

Hope this at least helps you further.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
MVP Expert

Re: Untrusted source error on AngularJS External Captive Portal

+1 with Herman, you need to check if you don't use external ressource and open flow on the IAP (on logon CP role)




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
New Contributor

Re: Untrusted source error on AngularJS External Captive Portal

Thanks for the reply Herman. I have previously tested the Captive Portal using a desktop PC (as the mobile device) connected to a guest user SSID defined on my Aruba303HR IAP. When the Captive Portal failed to render completely, I opened the Chrome developer tools in the browser to see details of the errors generated by the Captive Portal web app.

 

There were mutliple access failures. The first failed access attempt was a request to https://fonts.googleapis.com/css?family=Lato:100,300,400,700,900. Perhaps as you suggested this request was blocked by the IAP. An ERR_CERT_AUTHORITY_INVALID error was returned.

 

The next two access failures where for resources within the Captive Portal applications' root directory. A picture of the directory is shown below.

CP Source Directory Image.png

The index.html file was successfully access and rendered on the mobile device and javascript files referenced in the index.html file were also successfully retrieved. However html files in the templates folder were not successfully retrieved. It seems the browser (or angularJS?) returned an untrusted/insecure source error when attempting to retrieve these files. Yet these files are local to the Captive Portal server!

 

With regard to the request to the fonts.googleapis.com domain, would the inclusion of this domain within a whitelist assigned to the guest user SSID solve this particular access failure.

 

Thanks again, Robert 

MVP Guru

Re: Untrusted source error on AngularJS External Captive Portal

The ERR_CERT_AUTHORITY_INVALID indicates either a redirect or an invalid certificate at the server that hosts your captive portal.

 

As suggested before, I would first remove the captive portal and make sure the application works in that situation. Did you test that?

 

Then you can create a pre-authentication role where you allow traffic to all servers that are needed, including that fonts.googleapis.com and your captive portal application server and possible other included sources. That role can be applied as pre-authentication role, after which it should work during the redirect as well. By default, only the server that you configured as external captive portal server is automatically 'whitelisted' through the captive portal. 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: Untrusted source error on AngularJS External Captive Portal

Thanks for the last reply.

 

Yes, I have tested the application on a client device connected to a secure "employee" SSID defined on the aruba303hr IAP that I'm using. It works fine. 

 

I will follow your suggestion to create a pre-authentication role with the appropriate internet access rules and associate the role with the guest user SSID that authenticates via the captive portal.

 

I'll also close out this discussion based on your response. Thanks again.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: