• Support
  • FAQs
  • The requirements of establishing an external portal server

The requirements of establishing an external portal server

Suitable for EAP Controller V2.0.3 & EAP Controller V2.2.3

This document outlines the requirements when establishing an external portal server, in other words, customized landing page and customized authentication for portal authentication. For how to configure External Portal Server as the authentication type please refer to FAQ 896, to be specific, section 5 of step 2.

 

NOTE: Before you read this document, check the version of your EAP controller first.

 

The below picture depicts the data flow among wireless client, EAP device, EAP controller, portal server and authentication server which may help you to better understand the requirements of establishing an external portal server.

 

1. Wireless client is connected to the SSID on which portal authentication is enabled and tries to access the Internet. EAP device will intercept client’s HTTP request and then redirect it to the EAP controller. The client will then send GET request to the EAP controller with query string “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time&rid=Radio_id” in the URL according to the HTTP response it received from the EAP. (Step 1 and Step 2)

2. The EAP controller then redirect the client to external portal server by replying a HTTP response status code 302 Found to the client. The HTTP response with this status code will additionally provide the URL of external portal server in the location field. The URL also contains the query string.

For EAP controller 2.0.3 the URL is http://portal_server?cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time&rid=Radio_id. 

For EAP controller 2.2.3 the URL is http://portal_server?cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time&rid=Radio_id&site=site_name.

Be noted that since EAP controller 2.2.3 the parameter site is introduced. (Step 3 and Step 4)

The meaning of the parameters is listed in Table 1 Parameter explanation.

3. Client will send GET request to external portal server using the URL which is mentioned above.(Step 5)

4. External web portal server must be able to intercept and keep a record of the parameters in the query string of the GET request and return to the web page with authentication form on it. (Step 6)

5. The wireless client’s authentication information will be submitted to the portal server, and the portal server will submit the information to the authentication server. (Step 7 and Step 8)

6. The authentication server verifies the authentication information and return the result to the portal server. (Step 9)

 

NOTE: In this example the portal server and the authentication server are separated. But they can be installed on the same server as you wish. The authentication method is also up to you. Just make sure the portal server knows when the authentication is passed.

 

7. If the authentication succeeded the portal server should send the clients information to the EAP controller using the POST method. But before the portal server sends the information to the controller it must login the EAP controller by sending a POST request. This request is send to https://controller_server_ip/login and must contain the query string “name=the_username_of_controller&password=the_password_of_controller” in the HTTP message body. You should be aware that your portal server must be configured to allow self-signed certificate or the login process will fail. (Step 10)

8. If the portal sever has logged in the controller successfully it will then send the client information to https://controller_server_ip/extportal/auth using POST method. The client information is contained in the query string “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time&rid=Radio_id” and this query string is sent in the HTTP message body of the POST request (For EAP controller V2.0.3).

For EAP controller V2.2.3, the URL is https://controller_server_ip/extportal/site_name/auth and the query string is “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time&rid=Radio_id&site=site_name”.

The meaning of the parameters in the query string is the same as in Table 1 Parameter explanation. (Step 11)

9. The EAP controller returns a JSON message: {"success": [true/false] , "message":" return information"} to the portal server after the EAP controller has dealt with the information provided in the HTTP POST request. How the portal server deals with the JSON message depends on your own implementation. At last the portal sever must logout the EAP controller by sending a POST request to https://controller_server_ip/logout. (Step 12 and Step 13)