Security

Reply
Highlighted
New Contributor

Re: IAP and external Captive Portal

Hi,

 

It looks like I am at the right thread here. I am trying to use the External Authentication Text method and I have found virtually no useful information that I can understand on exactly how to make it work! So here I am.

 

All I need is a page with our logo and terms of use and an "Agree" button. I am slightly familiar with html and such and had no problem directing the user TO the terms page and I can easily make a form with an Agree button on it but I don't have a clue how to return the authentication text back to the IAP.

 

From reading this thread it sounds like I can provide a hidden form field with my authentication text and the IAP will find it, is that correct? If so does the hidden form element need to be named anything in particular?

 

At that point how do I send my form data back to my IAP? What action should the form take to return the value? Does it go back to the IP address (which is a dynamic IP and I would be using an off site server) or do I need it to go through some additional script? A very simple code sample would be absolutely wonderful!!

 

I spent hours combing the manual and there is no instructions for this feature and my skills fall short just a bit!! Thank you so much for any help!!

Highlighted
New Contributor

Re: IAP and external Captive Portal

ASchafer, I am trying do the same as you and just have an agree button.  Any luck on getting this working? Thanks

Aruba

Re: IAP and external Captive Portal

Personally, I don't recommend my clients use Auth-Text. While it does provide a simple means of an ECP, there are too many things that can go wrong with it leaving your users either unconnected or worse yet dialing into your helpdesk. Take for example that many devices (including one of my test devices) will spawn system generated HTTP requests...the issue with this is that the IAP has no means to decipher between a user generated HTTP request or a system generated. In that, upon receipt of a valid HTTP request, the IAP will send the system generated request the ECP URL for login....given all this is happening without the user being aware - when the user actually looks to login, they won't be sent the ECP login page.

 

Given the IAP runs a version of FreeRadius, I'd suggest baking a POST mechanism into your "accept' button on your ECP landing page. The goodness about this is that it does require user intervention to 'click' to login or accept.


So, create an internal user in the IAP's internal database....a generic uid/passowrd for your WLAN and then ensure that the auth mechanism is internal authenticated. Then bake some simple code into your HTML such as the following:

 

<HTML>
<HEAD>
External Captive Portal Page <meta http-equiv="Content-Type" content="text/html; charset=GB2312"/>
</HEAD>
<BODY>
<form method=POST action="http://securelogin.arubanetworks.com/cgi-bin/login">
Username: <input name=user value="username">
Password: <input name=password value="password">
<input name=cmd value="authenticate" type="hidden">
<input name=mac value="" type="hidden">
<input name=ip value="" type="hidden">
<input name=essid value="" type="hidden">
<input name=url value="http://www.google.com" type="hidden">
<BR><input type="submit" name="Login" value="login" class="button" />
</form>
</BODY>
</HTML>

 

Hope that helps! Adam

 



| Adam Kennedy, Systems Engineer - adamk@hpe.com

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy
Highlighted
New Contributor

Re: IAP and external Captive Portal

This worked perfectly for me. I did do one thing different in that made the user and password input hidden so the users will not change it and it works beautifly. 

 

<form method=POST action="http://securelogin.arubanetworks.com/cgi-bin/login">
<span class="bodytext">
<input name=user value="Guest" type="hidden">
<input name=password value="password" type="hidden">
<input name=cmd value="authenticate" type="hidden">
<input name=mac value="" type="hidden">
<input name=ip value="" type="hidden">
<input name=essid value="" type="hidden">
<input name=url value="http://arubanetworks.com" type="hidden">
<BR><input type="submit" name="Login" value="I Agree" class="button" />
</span>
</form>

Highlighted
Occasional Contributor II

Re: IAP and external Captive Portal

Does anyone know why the submit form doesn't work if used as https [<form method=POST action= "https://securelogin.arubanetworks.com/cgi-bin/login">]
I've created a external portal html page using the example form above and it works ok with http form submit. If I try using https on form submit (that the point of hidding the credentials) it doesn't do the the login. Do I have to change the url used or is something else?

EDIT: if used with https it needs a valid certified for IAP controller too because some smartphone refuse to send the data in background to a self signed certifate server. On windows it gives a popup "Continue anyway"
I've uploaded a valid certificate on controller and now the login goes well. [<form method=POST action= "https://aruba.domain.al/cgi-bin/login">]

Now I have a question. For authentication failure scenario does the IAP has an option to respond with authentication failure status to notify the user?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: