Captive Portal

From Social ID Developers
Jump to: navigation, search

Contents

Architecture

The captive portal and Social-ID platform integration are illustrated in the following diagram:


Wifi architecture.png

Once the user connects to a Wi-Fi network, the AP or controller redirects to the captive portal page. The user can log in using a social network or traditional credentials and the social login callback posts the user credentials to the wireless AP or controller.

The AP or controller must be configured to authenticate the users through RADIUS authentication. A RADIUS server and a client secret are configured and queried when an authentication request arrives. The Social Login RADIUS server authenticates the user and replies to the wireless AP or controller, which opens the Internet to the user and redirects back to some welcome or portal page. From this point the user can enjoy a free Internet.

Configuration Parameters

To configure the Captive Portal on almost all vendors you will need these basic parameters:

  • RADIUS server host or IP address: the hostname or IP address of the Social-ID RADIUS server responsible to authenticate users.
  • RADIUS server authentication and accounting ports: the authentication port of the Social-ID RADIUS server responsible to authenticate users and accounting port of the Social-ID RADIUS server responsible to collect accounting information.
  • RADIUS client secret: the secret shared between the RADIUS client and server.
  • Captive portal URL: the URL of the external login page where the users will be redirected to.

RADIUS Server

The RADIUS server can be configured by hostname or IP address. We recommend to use hostname instead of IP address if possible.

If the customer's infrastructure uses static IPs, we provide the following servers by environment:

Environment Region Type Hostname IP Authentication port Accounting port
production sa-east primary radius.socialidnow.com 54.94.140.247 1812 1813
production sa-east secondary radius2.socialidnow.com 54.207.239.113 1812 1813
production eu-central primary radius.eu-central.socialidnow.com 52.28.85.158 1812 1813
staging us-east primary radius-staging.socialidnow.com 178.128.135.142 1812 1813

For dynamic IPs, when the customer's network does not have support to static IP, we provide a RADIUS server that act as a proxy:

Environment Region Type Hostname IP Authentication port Accounting port
production sa-east primary radius-proxy.socialidnow.com 18.228.102.200 custom custom
production sa-east secondary radius-proxy2.socialidnow.com 18.229.36.64 custom custom
staging us-east primary radius-staging.socialidnow.com 178.128.135.142 custom custom

For these cases we'll setup custom ports for authentication and accounting, and a unique client secret for each customer.

Our RADIUS servers accept the following authentication protocols: PAP, CHAP, MS-CHAP, MS-CHAPv2 and EAP types.

RADIUS Client Secret and Captive Portal URL

These parameters are specific for each customer. Contact us to get more details.

Configuration Guides

Walled Garden for the Social Login

In order to enable social and traditional logins you need to configure a list of URLs that the users can access without being authenticated in the Wi-Fi network.

Get the list of URLs.

Captive Portal Customizations

Available customization options can be found here: Captive Portal Customizations

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox