Hi,
We are having problems with some users using Linux and Firefox when trying to authenticate on Captive Portal.
I know about issues related to OCSP and Firefox. We have solved this issue adding OCSP servers to bypass captive portal in "guest" role.
The issue only happen when users connect to the SSID Captive Portal using proxy (squid) setting on Firefox.
Like the user browser sent the OCSP validation using proxy connection, the OCSP connection receive the 302 redirection to portal too.
I've captured the traffic using Wireshark and can see the follow steps:
1- User get IP address on DHCP
2- User try to access some web site (in this case www.cnn.com)
3- User connect to the proxy and trying to access www.cnn.com
4- Aruba Controller send a HTTP 302 redirect to captive portal
5- Like Captive Portal are HTTPS, the Firefox need to validate the certificate
6- The Firefox sent - via proxy - the validation to OCSP server (http://ocsp.comodoca.com)
7- The Aruba Controller again sent the HTTP 302 to redirect the request.
8- The Firefox start the step 5 again in a loop. After 3 attempts, the user receive the connection error on Firefox
They only happen on Firefox browser.
someone has gone through this?
Regards,
Paulo Raponi