The requirements of establishing an external portal server

Suitable for EAP Controller V2.0.3 or above

This document outlines the requirements for establishing an external portal server, that is, a customized landing page and customized authentication for portal authentication. For how to configure External Portal Server as the authentication type, please refer to How to configure the Portal authentication function on EAP Controller, specifically section 5 of step 2.


NOTE: Before you read this document, check the version of your EAP controller first.


The picture below depicts the data flow among the wireless client, EAP device, EAP controller, portal server and authentication server, which may help you better understand the requirements of establishing an external portal server.

  1. The wireless client connects to the SSID on which portal authentication is enabled and tries to access the Internet. The EAP device intercepts the client’s HTTP request and redirects it to the EAP controller. Following the HTTP response it received from the EAP, the client then sends a GET request to the EAP controller with the query string “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time_since_epoch&rid=Radio_id” in the URL. (Step 1 and Step 2)
  2. The EAP controller then redirects the client to the external portal server by replying with HTTP response status code 302 Found. The response provides the URL of the external portal server in the Location field, and this URL also contains the query string. For EAP controller 2.0.3 the URL is http://portal_server?cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time_since_epoch&rid=Radio_id, while for EAP controller 2.2.3 or above the URL is http://portal_server?cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time_since_epoch&rid=Radio_id&site=site_name. Note that the site parameter was introduced in EAP controller 2.2.3. (Step 3 and Step 4)

The meaning of the parameters is listed in Table 1 Parameter explanation.

  3. The client sends a GET request to the external portal server using the URL mentioned above. (Step 5)
  4. The external portal server must be able to intercept and keep a record of the parameters in the query string of the GET request, and return a web page with an authentication form on it. (Step 6)
  5. The wireless client’s authentication information is submitted to the portal server, and the portal server submits the information to the authentication server (Step 7 and Step 8). However, how the portal server gets the client’s authentication information and how it communicates with the authentication server are implementation dependent and out of the scope of this article.
  6. The authentication server verifies the authentication information and returns the result to the portal server. (Step 9)


NOTE: In this example the portal server and the authentication server are separate, but they can be installed on the same server if you wish. The authentication method is also up to you. Just make sure the portal server knows when the authentication has passed.


  7. If the authentication succeeds, the portal server should send the client information to the EAP controller using the POST method. Before the portal server sends the information to the controller, it must log in to the EAP controller by sending a POST request. This request is sent to https://controller_server_ip:https_port/login and must contain the query string “name=the_username_of_controller&password=the_password_of_controller” in the HTTP message body. Be aware that your portal server must be configured to allow a self-signed certificate, or the login process will fail. (Step 10)
  8. Once the portal server has logged in to the controller successfully, it sends the client information to https://controller_server_ip:https_port/extportal/auth using the POST method. The client information is contained in the query string “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time_since_epoch&rid=Radio_id&time=expire_time”, and this query string is sent in the HTTP message body of the POST request (for EAP controller V2.0.3).

For EAP controller V2.2.3 or above, the URL is https://controller_server_ip:https_port/extportal/site_name/auth and the query string is “cid=client_mac&ap=ap_mac&ssid=ssid_name&t=time_since_epoch&rid=Radio_id&site=site_name&time=expire_time”. (Step 11)

The meaning of the parameters in the query string is the same as in Table 1 Parameter explanation. The time parameter here is the number of seconds before client authentication expires. This parameter is defined by the portal server.

  9. The EAP controller returns a JSON message, {"success": [true/false], "message": "return information"}, to the portal server after it has processed the information provided in the HTTP POST request. How the portal server deals with the JSON message depends on your own implementation. Finally, the portal server must log out of the EAP controller by sending a POST request to https://controller_server_ip:https_port/logout. (Step 12 and Step 13)

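
The portal-server side of Steps 5 to 11, as an added example that is not TP-Link's code: it validates the query string the client presents (the client can alter it), builds the login and authorization POSTs for both controller versions, and pins the controller's self-signed certificate rather than switching verification off. The function names, the accepted MAC format, the sample values and the PEM file argument are assumptions.

```python
import re
import ssl
from urllib.parse import parse_qs, quote, urlencode

# Assumption: MACs arrive as six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")
REQUIRED = ("cid", "ap", "ssid", "t", "rid")
# Constructed sample of the query string a client brings to the portal.
SAMPLE_QUERY = ("cid=AA-BB-CC-DD-EE-01&ap=AA-BB-CC-DD-EE-02"
                "&ssid=Guest%20WiFi&t=1473218348&rid=0&site=Default")

def parse_redirect_query(query):
    """Validate the query string of the Step 5 GET before recording it."""
    raw = parse_qs(query, keep_blank_values=True)
    params = {}
    for name in REQUIRED + ("site",):           # unknown parameters are dropped
        values = raw.get(name, [])
        if len(values) > 1:
            raise ValueError(f"duplicate parameter: {name}")
        if values and values[0]:
            params[name] = values[0]
    missing = [n for n in REQUIRED if n not in params]
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(missing))
    if not all(MAC_RE.fullmatch(params[n]) for n in ("cid", "ap")):
        raise ValueError("cid and ap must be MAC addresses")
    if not re.fullmatch(r"[0-9]+", params["t"]):
        raise ValueError("t must be a number of seconds since the epoch")
    return params

def build_login_request(base_url, username, password):
    """Step 10: URL and body; credentials go in the POST body, not the URL."""
    return base_url + "/login", urlencode({"name": username, "password": password})

def build_auth_request(base_url, params, expire_seconds):
    """Step 11: URL and body; `time` is chosen by the portal, not the client."""
    fields = [(n, params[n]) for n in REQUIRED]
    path = "/extportal/auth"                     # EAP controller V2.0.3
    if "site" in params:                         # V2.2.3 or above
        path = "/extportal/" + quote(params["site"], safe="") + "/auth"
        fields.append(("site", params["site"]))
    fields.append(("time", str(int(expire_seconds))))
    return base_url + path, urlencode(fields)

def controller_tls_context(controller_cert_pem):
    """Trust only the controller's own self-signed certificate (PEM file)."""
    ctx = ssl.create_default_context(cafile=controller_cert_pem)
    ctx.check_hostname = False  # assumption: the controller is addressed by IP
    return ctx                  # verify_mode remains ssl.CERT_REQUIRED
```
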
This Article Applies to:
EAP245, EAP220, EAP115
User Application Requirement | Updated 09-07-2016 03:19:08 AM