Sign-on Splash
Last updated
Last updated
External splash pages are stored and executed on a web server that you define, and must respond appropriately to certain messages from the Access Point in order to present appropriate user-interface to the user at various stages of the authentication process.
When combining with RADIUS Authentication, EnGeniusCloud can consult an external RADIUS server that you specify in order to determine whether to authenticate the user. The user interface presented to the user will be determined by the external splash page.
EnGeniusCloud supports three types of RADIUS-based authentication: EnGenius Authentication, Custom Radius, and Voucher Service. All the three types can works with external splash page to perform a sign-on splash service.
A new wireless client tries to connect to a Captive Portal enabled SSID served by an Access Point.
The AP intercepts the request and redirect the user to the external splash page which is served by a external web server configured in SSID's splash page
setting. In addition, an actionurl
parameter is passed to the splash page such that browser can be redirected back to the cloud after submission in splash page.
Splash page content with actionurl
parameter are delivered to browser.
User clicks on the login button in the splash page and then be redirected to actionurl
. The actionurl actually makes Access Point play as a RADIUS proxy to help on authenticating user with Remote RADIUS Server.
In previous Section Step 2, the actionurl parameter is composed of a cloud URL with extra parameters. A https request sample to the splash page could be like this:
The https://yourwebsite.com/splash.html here is the splash page setting customized for corresponding SSID. The details of the actionurl parameters are listed as follows:
Select a network in Org-tree.
Select SSID in the configuring tool menu.
Choose the SSID you want to configure.
Under Association
Tab, choose "Open", "WPA2 PSK".
Switch to Captive Portal
Tab and choose one of three authentication types: EnGenius Authentication, Custom Radius, and Voucher Service to enable the RADIUS-based authentication.
Enable walled garden (located under Captive Portal > Advanced Settings > Walled garden) and enter the public IP address of your web server. The address specified needs to be the public-facing IP address of the web server hosting the Splash page, not the local LAN IP.
Click on Apply
button.
Select a network in Org-tree.
Select SSID in the configuring tool menu.
Choose the SSID you want to configure.
switch to Captive Portal
Tab and make sure your Captive Portal is enabled and Authentication Type is set to Click-through
.
switch to Splash Page
Tab. Select External Splash Page URL
.
Enter the URL of your custom splash page (eg, https://yourwebsite.com/splash.html).
Click on "Apply
" button.
The external splash page must be hosted on a web server that will be accessible from the Access Points on your network. The following must be accomplished, but the particular details will depend very much on your web hosting environment.
Setup the Web Server.
Modify the splash page to set form action
as the value of actionurl
passed by cloud. In this way, after user submits the form, he will be redirected to specific URL and complete the authentication. In order to collect logon credentials, you will need to create an HTML based form that collects and then submits these to the login URL. In its simplest form this could look similar to the code below:
Note that the input field name "username" and "password" are unchangeable. These two input fields are necessary to provide the credential for RADIUS authentication.
Parameter Name | Description |
---|---|
vendor
Should be "EnGenius"
ap_ip
IP address of associated AP
ap_mac
MAC address of associated AP
ap_port
AP service port
client_ip
IP address of the wireless client
client_mac
MAC address of the wireless client
userurl
The URL that user tried to visit before authenticated
mac
Client's MAC address (will be obsolete after 2021)
please use client_mac
called
AP's MAC address (will be obsolete after 2021)
please use ap_mac
nas_id
Network access server identifier is used to notify the source of a RADIUS access request.
ssidProfileId
Global unique identity of assoicated SSID
networkId
Global unique identity of the network which the assoicated AP belongs to