Security

Hi everyone,

I have some issues with the external captive portal. We have configured SSID to work with external captive portal using an authentication text method. 

We've done everything as per documentation and placed authentication text as per below recommendations:

  <html>  
  <head>  
   IAP External Captive portal - Authentication Text 
  </head>  
  <body>  
  <h2>You are authenticated. Enjoy browsing at Arubanetworks</h2>  
  <form>  
  <input type="hidden" id="hidden1" value="Guest_Authenticated">  
  </form>  
  </body>  
  </html> 

However when we connect to SSID and Captive Portal appear on the screen with welcome page (auth text included in body) mobile device is not getting INTERNET. 

In docs it says that client would be moved to Post authentication, can someone explain, what doest it mean? Do we need to adjust specific rules in Aruba controller ?

Cheers,

Ruslan 

What is your SSID configuration?

EDIT:

All you would need is a string from the HTML in the authentication text configuration.

WLAN Settings - Guest

VLAN 
Client IP assign - Network Assigned

Client VLAN Assigment - Default

Security Settings

Captive Portal Profile Settings

Access SettingsThanks in advance for your time and feedback.

Your Auth text parameter should be a string on the HTML page, NOT test123.  Try "Guest_Authenticated", instead of test123

Hi,

I've created an external captive portal template. (ref: InstantCPv8.1-NoCSS-AuthText-Error.zip)

When you click on accept, it calls the HTML GET which fetches the login.html page which contains a comment, the authenticated text string: Authenticated.

Paul Gallant, ing.
CWNA, CWSP, ACCA, ACSA, ACEAP, ACMX #377, ACDX #380

Attachment(s)

InstantCPv8.1-NoCSS-AuthText-Error.zip   76 KB 1 version

We've changed the authentication text to Guest_Authenticated

As you can see from the screenshot below aruba recognize the text and grant access, however mobile device is NOT getting internet from AP.

Sorry if from the beginning my question was a little confusing, but this is exactly what I want to know, why device is not getting internet even if I am already authenticated. 

It is cleary visible, that there is not WIFI icon near, means I still don't have internet connection.

What ACLs do you have defined in the "Smartwifi" role?

Hi,

Is your intent to secure this portal with HTTPS.

Authentication text method requires IAP to interpret HTML code.

Consequently, my understanding is that it only works using HTTP.

I tested the template I published and it works. I'm currently Instant firmware version 6.5.4.8.

Paul Gallant, ing.
CWNA, CWSP, ACCA, ACSA, ACEAP, ACMX #377, ACDX #380

Hi Paul,

first of all thanks for your captive portal template. I used this for my setup as well. It all works fine with HTTP, but we now want to host the captive portal page on the internet, so we don't need to allow guest to corp traffic. It's seems the IAP is no longer able to read the Authenticated comment as soon as I set it up with HTTPS and have explicit allow HTTPS rules in my preauth role.

Seems like you are confirming the same, that the authentication method is not working anymore with HTTPS?

PS, When I use the radius authentication method, with a user guest/guest, this will still work with HTTPS.

Does anyone have an explanation for this? Or better, a solution to make the authentication text method work with HTTPS?

Has anyone figured out how to do the authentication if your external captive portal is https?    I'm in teh situation where my captive portal is in the 'cloud'. I'm not too keen for users to be entering credentials in the clear.  

Hi,

Checking the snapshot below I see a profile configured as pre-authenticated.

As I know authentication text doesn't work with profiles because there is no flow to change from a restricted profile to a new one with full navegation grants.

Is make sense for you?

How is smartwifi_login configurated?