API and Code Sample for RADIUS Server with External Web Portal (Omada Controller 3.1.4 to 3.2.17)

Omada Software Controller
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Suitable for Omada Controller 3.1.4 to 3.2.17.
For Omada Controller 3.0.5 or below, please refer to FAQ916
For Omada Controller 4.1.5 or above, please refer to FAQ2912
This document outlines the requirements when establishing an external web portal server. In Omada Controller, External Web Portal can only be used when the portal authentication type is External Radius Server. For how to configure External Radius Server authentication, please refer to FAQ 896 (section 4 of step 2).
The below picture depicts the workflow among the wireless client, EAP, Omada Controller, External Web Portal and the Radius Server. It will help you better understand the requirements of establishing an External Web Portal server.
1.Wireless client is connected to the SSID of the wireless network and try to access the internet. EAP device intercepts client’s HTTP request and then redirects it to the Omada Controller. (Step 1 and Step 2)
2.The Omada Controller then redirects the client’s request to the external portal page by replying a HTTP response with status code 302 Found to the client. (Step 3 and Step 4)
3.Client sends HTTP GET request to external web portal with parameter “?target=target_controller_ip&targetPort=target_controller_port&clientMac=client_mac&clientIp=client_ip&raidusServerIp= radius_server_ip&ap=ap_mac&ssid=ssid&radioId=radio_id(0 for 2.4G radio, 1 for 5G radio)&redirectUrl=redirecturl(if you did not set the redirect URL after wireless clients passing the portal authentication, the default redirect URL depends on the wireless clients)”.
for example, “http://172.30.30.113?target=172.30.30.113&targetPort=8088&clientMac=F8-1E-DF-AA-AA-AA&clientIP=172.30.30.103&raidusServerIp=172.30.30.120&ap=AC-84-C6-BB-BB-BB&ssid=eap_test&radioId=1&redirectUrl=https%3A%2F%2Fwww.tp-link.com“ (Step 5)
4.External web portal server should be able to get the value of the clientMac, clientIp, ap, ssid, radioId, redirectUrl parameters. Then external web portal server should return a page with a form. This form will collect the information of username, password, clientMac, clientIp, ap, ssid, radioId, redirectUrl
For example:
<form id="form" method=”get”> (Controller 3.1.13 or above supports method=”post”)
<div><span>username:</span><input type="text" id="username" name="username"/> </div>
<div><span>password:</span><input type="password" id="password" name="password"/></div>
<div style="display:none"><input type="text" id="clientMac" name="clientMac" /></div>
<div style="display:none"><input name="clientIp" id="clientIp"/></div>
<div style="display:none"><input name="ap" id="ap"/></div>
<div style="display:none"><input name="ssid" id="ssid"/></div>
<div style="display:none"><input name="radioId" id="radioId"/></div>
<div style="display:none"><input name="redirectUrl" id="redirectUrl"/></div>
<button type="submit">submit</button>
</form>
Please note that the “id” of these elements in your form should be the same as this example. The method to get the value of “username” and “password” can be defined by yourself, but the value of “clientMac”, “clientIp”, “ap”, “ssid”, “radioId”, “redirectUrl” must be obtained from the Http Request’s URL.
(Step 6)
5.Client sends HTTP GET packets with the form to http://target_controller_ip:targetport/portal/radius/auth after submitting. (Step7, Controller 3.1.13 or above supports method=”post” )
6.Omada Controller communicates with radius server to verify the username and password. (Step 8 and Step 9)
7.If the authentication is passed, i.e., Access-Accept is received from radius server, Omada Controller will redirect a built-in success page or a predefined webpage according to the configuration to clients. (Step 10)
The below html template is a simple demo for you to develop your External Web Portal working with Omada Controller:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<div id="errorHint" style="color:red"></div>
<form id="form" method="get"> (Controller 3.1.13 or above supports method="post")
<div><span>username:</span><input type="text" id="username" name="username"/> </div>
<div><span>password:</span><input type="password" id="password" name="password"/></div>
<div style="display:none"><input type="text" id="clientMac" name="clientMac" /></div>
<div style="display:none"><input name="clientIp" id="clientIp"/></div>
<div style="display:none"><input name="ap" id="ap"/></div>
<div style="display:none"><input name="ssid" id="ssid"/></div>
<div style="display:none"><input name="radioId" id="radioId"/></div>
<div style="display:none"><input name="redirectUrl" id="redirectUrl"/></div>
<button type="submit">submit</button>
</form>
<script type="text/javascript">
var errorHint = getQueryString("errorHint")
if (errorHint != null){
document.getElementById("errorHint").innerHTML = errorHint.replace(new RegExp('\\+', 'g'), ' ');
}
var submitUrl = "http://" + getQueryString("target") + ":" + getQueryString("targetPort") + "/portal/radius/auth";
document.getElementById("form").action = submitUrl;
document.getElementById("clientMac").value = getQueryString("clientMac");
document.getElementById("clientIp").value = getQueryString("clientIp");
document.getElementById("ap").value = getQueryString("ap");
document.getElementById("ssid").value = getQueryString("ssid");
document.getElementById("radioId").value = getQueryString("radioId");
document.getElementById("redirectUrl").value = getQueryString("redirectUrl");
function getQueryString(name) {
var reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)", "i");
var r = window.location.search.substr(1).match(reg);
if (r != null) return decodeURIComponent(r[2]); return null;
}
</script>
Czy ten poradnik FAQ był pomocny?
Twoja opinia pozwoli nam udoskonalić tę stronę.
Jakie są Twoje uwagi dotyczące tego artykułu?
- Niezadowolenie z produktu
- Zbyt skomplikowany
- Mylący tytuł
- Nie dotyczy mnie
- Zbyt ogólnikowy
- Inne
Dziękujemy
Dziękujemy za przesłanie opinii.
Kliknij tutaj, aby skontaktować się ze Wsparciem technicznym TP-Link.
Sugerowane produkty
z United States?
Uzyskaj produkty, wydarzenia i usługi przeznaczone dla Twojego regionu.
Ta witryna wykorzystuje tzw. pliki cookies, aby usprawnić jej przeglądanie, w celu analizy ruchu oraz do jak najlepszej optymalizacji wyświetlanych treści. W każdej chwili można wyłączyć obsługę plików cookies. Więcej informacji na ten temat dostępnych jest w Polityce prywatności
Your Privacy Choices
Ta witryna wykorzystuje tzw. pliki cookies, aby usprawnić jej przeglądanie, w celu analizy ruchu oraz do jak najlepszej optymalizacji wyświetlanych treści. W każdej chwili można wyłączyć obsługę plików cookies. Więcej informacji na ten temat dostępnych jest w Polityce prywatności
Podstawowe Cookies
Te pliki cookies niezbędne są do poprawnego działania witryny i nie moga zostać wyłączone.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Cookies dotyczące analizy i marketingu
Analiza - Te pliki Cookies są wykorzystywane w celu analizy ruchu na naszej stronie, co umożliwia poprawę i dostosowanie wyświetlanych treści.
Marketing - Te pliki Cookies mogą być wykorzystywane przez naszych partnerów reklamowych podczas tworzenia profilu Twoich zainteresowań, co pozwala na wyświetlanie odpowiednich reklam na innych stronach.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au