Captive Portal
Contents |
Architecture
The captive portal and Social-ID platform integration are illustrated in the following diagram:
Once the user connects to a Wi-Fi network, the AP or controller redirects to the captive portal page. The user can log in using a social network or traditional credentials and the social login callback posts the user credentials to the wireless AP or controller.
The AP or controller must be configured to authenticate the users through RADIUS authentication. A RADIUS server and a client secret are configured and queried when an authentication request arrives. The Social Login RADIUS server authenticates the user and replies to the wireless AP or controller, which opens the Internet to the user and redirects back to some welcome or portal page. From this point the user can enjoy a free Internet.
Configuration Parameters
To configure the Captive Portal on almost all vendors you will need these basic parameters:
- RADIUS server host or IP address: the hostname or IP address of the Social-ID RADIUS server responsible to authenticate users.
- RADIUS server authentication and accounting ports: the authentication port of the Social-ID RADIUS server responsible to authenticate users and accounting port of the Social-ID RADIUS server responsible to collect accounting information.
- RADIUS client secret: the secret shared between the RADIUS client and server.
- Captive portal URL: the URL of the external login page where the users will be redirected to.
RADIUS Server
The RADIUS server can be configured by hostname or IP address. We recommend to use hostname instead of IP address if possible.
If the customer's infrastructure uses static IPs, we provide the following servers by environment:
Environment | Region | Type | Hostname | IP | Authentication port | Accounting port |
---|---|---|---|---|---|---|
production | sa-east | primary | radius.socialidnow.com | 54.94.140.247 | 1812 | 1813 |
production | sa-east | secondary | radius2.socialidnow.com | 54.207.239.113 | 1812 | 1813 |
production | eu-central | primary | radius.eu-central.socialidnow.com | 52.28.85.158 | 1812 | 1813 |
staging | us-east | primary | radius-staging.socialidnow.com | 178.128.135.142 | 1812 | 1813 |
For dynamic IPs, when the customer's network does not have support to static IP, we provide a RADIUS server that act as a proxy:
Environment | Region | Type | Hostname | IP | Authentication port | Accounting port |
---|---|---|---|---|---|---|
production | sa-east | primary | radius-proxy.socialidnow.com | 18.228.102.200 | custom | custom |
production | sa-east | secondary | radius-proxy2.socialidnow.com | 18.229.36.64 | custom | custom |
staging | us-east | primary | radius-staging.socialidnow.com | 178.128.135.142 | custom | custom |
For these cases we'll setup custom ports for authentication and accounting, and a unique client secret for each customer.
Our RADIUS servers accept the following authentication protocols: PAP, CHAP, MS-CHAP, MS-CHAPv2 and EAP types.
RADIUS Client Secret and Captive Portal URL
These parameters are specific for each customer. Contact us to get more details.
Configuration Guides
- Aruba Controller
- Aruba IAP
- Cisco Meraki
- Cisco Wireless Lan Controller
- Extreme Wireless
- Mikrotik RouterOS
- Nomadix Access Gateway
- OpenMesh CloudTrax
- Ruckus Virtual SmartZone
- Ruckus ZoneDirector
- Ubiquiti UniFi
- Zebra Wing 5 WLAN
- Zyxel Nebula
- Zyxel NXC Series
Walled Garden for the Social Login
In order to enable social and traditional logins you need to configure a list of URLs that the users can access without being authenticated in the Wi-Fi network.
Captive Portal Customizations
Available customization options can be found here: Captive Portal Customizations