Sign-on Splash

External splash pages are stored and executed on a web server that you define, and must respond appropriately to certain messages from the Access Point in order to present appropriate user-interface to the user at various stages of the authentication process.

When combining with RADIUS Authentication, EnGeniusCloud can consult an external RADIUS server that you specify in order to determine whether to authenticate the user. The user interface presented to the user will be determined by the external splash page.

EnGeniusCloud supports three types of RADIUS-based authentication: EnGenius Authentication, Custom Radius, and Voucher Service. All the three types can works with external splash page to perform a sign-on splash service.

Overview

Communication Flow

A new wireless client tries to connect to a Captive Portal enabled SSID served by an Access Point.
The AP intercepts the request and redirect the user to the external splash page which is served by a external web server configured in SSID's splash page setting. In addition, an actionurl parameter is passed to the splash page such that browser can be redirected back to the cloud after submission in splash page.
Splash page content with actionurl parameter are delivered to browser.
User clicks on the login button in the splash page and then be redirected to actionurl. The actionurl actually makes Access Point play as a RADIUS proxy to help on authenticating user with Remote RADIUS Server.

Parameters

In previous Section Step 2, the actionurl parameter is composed of a cloud URL with extra parameters. A https request sample to the splash page could be like this:

https://yourwebsite.com/login.html?actionurl=http%3A%2F%2F172.23.1.1%3A4990%2Fwww%2Flogin.chi%3Fclient_ip%3D192.168.1.111%26vendor%3DEnGenius%26ssidProfileId%3D62a9561efc9ea68257e08e4d%26userurl%3Dhttp%253A%252F%252Fwww.msftconnecttest.com%252Fredirect%26ap_mac%3D88-DC-96-9C-E9-3C%26mac%3D68-EC-C5-3F-5C-F0%26client_mac%3D68-EC-C5-3F-5C-F0%26networkId%3D5f647ea0786661d04888ea59%26ap_ip%3D172.23.1.1%26ap_port%3D3990%26called%3D88-DC-96-9C-E9-3C&res=notyet&reason=None

The https://yourwebsite.com/splash.html here is the splash page setting customized for corresponding SSID. The details of the actionurl parameters are listed as follows:

Parameter Name

Description

vendor

Should be "EnGenius"

ap_ip

IP address of associated AP

ap_mac

MAC address of associated AP

ap_port

AP service port

client_ip

IP address of the wireless client

client_mac

MAC address of the wireless client

userurl

The URL that user tried to visit before authenticated

mac

Client's MAC address (will be obsolete after 2021)

please use client_mac

called

AP's MAC address (will be obsolete after 2021)

please use ap_mac

nas_id

Network access server identifier is used to notify the source of a RADIUS access request.

ssidProfileId

Global unique identity of assoicated SSID

networkId

Global unique identity of the network which the assoicated AP belongs to

Configure Authentication Type of Captive Portal

Select a network in Org-tree.
Select SSID in the configuring tool menu.
Choose the SSID you want to configure.
Under Association Tab, choose "Open", "WPA2 PSK".
Switch to Captive PortalTab and choose one of three authentication types: EnGenius Authentication, Custom Radius, and Voucher Service to enable the RADIUS-based authentication.
Enable walled garden (located under Captive Portal > Advanced Settings > Walled garden) and enter the public IP address of your web server. The address specified needs to be the public-facing IP address of the web server hosting the Splash page, not the local LAN IP.
Click on Apply button.

Enabling an External Splash Page on EnGeniusCloud

Select a network in Org-tree.
Select SSID in the configuring tool menu.
Choose the SSID you want to configure.
switch to Captive Portal Tab and make sure your Captive Portal is enabled and Authentication Type is set to Click-through.
switch to Splash Page Tab. Select External Splash Page URL.
Enter the URL of your custom splash page (eg, https://yourwebsite.com/splash.html).
Click on "Apply" button.

Configure the External Splash Page Server

The external splash page must be hosted on a web server that will be accessible from the Access Points on your network. The following must be accomplished, but the particular details will depend very much on your web hosting environment.

Setup the Web Server.
Modify the splash page to set form action as the value of actionurl passed by cloud. In this way, after user submits the form, he will be redirected to specific URL and complete the authentication. In order to collect logon credentials, you will need to create an HTML based form that collects and then submits these to the login URL. In its simplest form this could look similar to the code below:

<form method="POST" action="$actionurl">
   Username:<br><input type="text" name="username" value=""><br>
   Password:<br><input type="password" name="password" value=""><br>
   <input type="submit" value="Submit">
</form>

Note that the input field name "username" and "password" are unchangeable. These two input fields are necessary to provide the credential for RADIUS authentication.

Last updated 2 years ago