Security

Reply
New Contributor

Using external captive portal with authentication text

Hi everyone,

 

I have some issues with the external captive portal. We have configured SSID to work with external captive portal using an authentication text method. 

 

We've done everything as per documentation and placed authentication text as per below recommendations:

 

 

  <html>  
  <head>  
   IAP External Captive portal - Authentication Text 
  </head>  
  <body>  
  <h2>You are authenticated. Enjoy browsing at Arubanetworks</h2>  
  <form>  
  <input type="hidden" id="hidden1" value="Guest_Authenticated">  
  </form>  
  </body>  
  </html> 

However when we connect to SSID and Captive Portal appear on the screen with welcome page (auth text included in body) mobile device is not getting INTERNET. 

In docs it says that client would be moved to Post authentication, can someone explain, what doest it mean? Do we need to adjust specific rules in Aruba controller ?

Cheers,

 

Ruslan 

 

 

 

Guru Elite

Re: Using external captive portal with authentication text

What is your SSID configuration?

 

EDIT:

 

All you would need is a string from the HTML in the authentication text configuration.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
New Contributor

Re: Using external captive portal with authentication text

WLAN Settings - Guest

VLAN 
Client IP assign - Network Assigned

Client VLAN Assigment - Default

Screenshot 2018-08-25 15.24.40.pngSecurity Settings

 

Screenshot 2018-08-25 15.25.25.pngCaptive Portal Profile Settings

Screenshot 2018-08-25 15.26.31.pngAccess SettingsThanks in advance for your time and feedback.

Guru Elite

Re: Using external captive portal with authentication text

Your Auth text parameter should be a string on the HTML page, NOT test123.  Try "Guest_Authenticated", instead of test123

 

Screenshot 2018-08-25 at 06.31.26.png


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
New Contributor

Re: Using external captive portal with authentication text

Hi,

 

I've created an external captive portal template. (ref: InstantCPv8.1-NoCSS-AuthText-Error.zip)

 

When you click on accept, it calls the HTML GET which fetches the login.html page which contains a comment, the authenticated text string: Authenticated.

 

Paul Gallant, ing.
CWNA, CWSP, ACCA, ACSA, ACEAP, ACMX #377, ACDX #380

New Contributor

Re: Using external captive portal with authentication text

We've changed the authentication text to Guest_Authenticated

As you can see from the screenshot below aruba recognize the text and grant access, however mobile device is NOT getting internet from AP.

Sorry if from the beginning my question was a little confusing, but this is exactly what I want to know, why device is not getting internet even if I am already authenticated. 

IMAGE 2018-08-26 13_13_12.jpg

It is cleary visible, that there is not WIFI icon near, means I still don't have internet connection.

Guru Elite

Re: Using external captive portal with authentication text

What ACLs do you have defined in the "Smartwifi" role?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
New Contributor

Re: Using external captive portal with authentication text

Hi,

 

Is your intent to secure this portal with HTTPS.

Authentication text method requires IAP to interpret HTML code.

Consequently, my understanding is that it only works using HTTP.

 

I tested the template I published and it works. I'm currently Instant firmware version 6.5.4.8.

 

Paul Gallant, ing.
CWNA, CWSP, ACCA, ACSA, ACEAP, ACMX #377, ACDX #380

Contributor II

Re: Using external captive portal with authentication text

Hi Paul,

 

first of all thanks for your captive portal template. I used this for my setup as well. It all works fine with HTTP, but we now want to host the captive portal page on the internet, so we don't need to allow guest to corp traffic. It's seems the IAP is no longer able to read the Authenticated comment as soon as I set it up with HTTPS and have explicit allow HTTPS rules in my preauth role.

Seems like you are confirming the same, that the authentication method is not working anymore with HTTPS?

PS, When I use the radius authentication method, with a user guest/guest, this will still work with HTTPS.

 

Does anyone have an explanation for this? Or better, a solution to make the authentication text method work with HTTPS?

New Contributor

Re: Using external captive portal with authentication text

Has anyone figured out how to do the authentication if your external captive portal is https?    I'm in teh situation where my captive portal is in the 'cloud'. I'm not too keen for users to be entering credentials in the clear.  


Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: