Captive Portals

Captive Portal Settings

Name – The Captive Portal name that will be displayed through IronWifi platform.

Description – Provide description to your Captive Portal

Network – The network where this Captive Portal is located. Any access requests processed by this Captive Portal will be authenticated by these Network’s RADIUS servers.

Vendor – Brand of your Access Points or Controller that are used to provide the access control for connecting users.

Splash Page URL – This is the URL where the Splash page is available. This URL should be configured in your Controller settings as External Captive Portal.

Language – Language for any internal error and notice messages generated by IronWifi

On Success Redirect to – Defines behavior after successful authentication. The user can be forwarded to initially requested URL, a Success page, or a predefined external URL. External URL should include the protocol – e.g., https://www.google.com

Authentication Providers – a set of authentication methods that should be available on the Splash portal. See Authentication Providers for more details.

Splash Page URL – This is the URL where the Splash page is available. This URL should be configured in your Controller settings as External Captive Portal.

Portal Pages – editable pages that are presented to the user in different phases of the authorization process. Further information is available on the Portal Pages page.

File Library – upload and manage static files that should be available on a Portal page. Use an relative path to refer to uploaded files – eg. <img src=”./logo.png”> or <link type=”text/css”  href=”custom.css” />

Cloud CDN – this option will enable Google Caching by adding required headers to static files served from this Captive Portal

Client Analytics – collect detailed information about visitor’s browser, these include screen resolution, OS, language, installed fonts and more. Gathered information is available in Reports.

Cookie-Based Authentication – if enabled, a Cookie with credentials will be stored in visitor’s browser protected with standard OS access control mechanisms. This Cookie will be used for automatic authentication the next time user is taken to the Splash page. This allows overriding Session timeout settings of controller that is typically limited to few hours. Cookie expiration time is set in Guest Manager section in the “Expire after” property.

MAC-Based Authentication – allows user to be re-authenticated based on the client MAC address. MAC address is extracted from the URL and used for automatic authentication the next time visitor is taken to the Splash page. This allows overriding Session timeout settings of controller that is typically limited to few hours. List of known and authorized devices is available in the Console -> Users -> selected user. Administrator can deauthorize any device by clicking on the trash icon, and visitor can deauthorize his device on the Returing user page. If user is deleted from IronWifi console, so will be the Username – MAC address pairing.

Controller Configuration

This section provides information that should be configured in your Controller settings.

SAML ACS URL – SAML Assertion Consumer URL, displayed if SAML Authentication Provider is enabled. This URL is part of Service Provider configuration on your existing Identity Provider.

SAML Logout URL – displayed if SAML Authentication Provider is enabled. This Logout URL is usually optional for Service Provider configuration on your existing Identity Provider.

Entity Id – displayed if SAML Authentication Provider is enabled. Entity Id is a globally unique name for this SAML entity and should be configured in Service Provider on your existing Identity Provider.

RADIUS servers – provides IP address, port numbers and shared secret of Primary and Backup RADIUS servers. These values are same as displayed in Network details and should be configured on your Controller. Captive Portal will forward collected or generated credentials to this RADIUS servers for verification.

Walled Garden – a list of IP addresses and domains that should be added to the pre-authorization access list on your Controller. Visitors need to be allowed to access these IP addresses and domains for authentication, depending on selected Authentication Provider. It is recommended to add all displayed networks and domains.

All visitors need to be able to access Splash page URL, hosted by Google and available at 107.178.250.42/32

Guest Manager – This section specifies how temporary user accounts are generated during the authentication process. Further information is provided on the Guest Manager page.