Captive portal auth page not reachable
-
Hello everyone
I'm new in the captive portal world and pfsense and I have a problem. When I try to connect to the network, I can't reach the authentification page, I just get an error page which says:
"connect to wifi
the wifi you are using may require you to visit the login page"
Then you have a bouton "connect" but when I click on it, I just get the same page again.I want that the users authenticate themselves with them google accounts, so my authentification page is accounts.google.com. Obviously, I allow the domains that I need (I think so) so I don't really know where the problem is coming from.
If you have some idea to help me it will be great.
thanks guys -
@ituser if you want to authenticate users with their google Account, then you should look for OAuth authentification ( https://developers.google.com/identity/protocols/OAuth2 ).
As far as i know, pfSense does not oAuth authentication natively, but you could install a FreeRADIUS server that will convert RADIUS messages from the captive portal to OAuth messages
-
I will look a that
thank you -
the strange thing is that sometimes I successfully load the authentification page and I successfully enter my email and my password.
-
@ituser said in Captive portal auth page not reachable:
accounts.google.com
accounts.google.com .... how did you set this up ? You put that URL (google.com) on the Allowed hostname tab ?
And when you ID against google, how should Google inform the portal that a "user" (unknown to the portal) has ID'd against Google ?
@ituser said in Captive portal auth page not reachable:
I'm new in the captive portal world and pfsense and I have a problem. When I try to connect to the network, I can't reach the authentification page, I just get an error page which says:
"connect to wifi
the wifi you are using may require you to visit the login page"
Then you have a bouton "connect" but when I click on it, I just get the same page again.New or not, you should detail how you set up your portal.
-
Hello,
You are right I should give my configuration sorry for that
It's not me who set up the captive portal but this is the configuration :- there is a custom portal page which redirects the user to the following address: "https://login.company.net/redirect?application=Gmail&url=https://wifi.company.net:" (I didn't make that)
- I Enable HTTPS login
- I use a certificate from let's encrypt made for the captive portal
- I didn't check the "Disable HTTPS forwards"
- I made a list of allowed hostname with all the domains needed
And that all for the configuration, of course, I set up DHCP on the captive portal Interface. The DNS is working, I test to ping www.wikipedia.com, and I get an address even if I can't reach it, which is normal for a not connected user.
-
So, you are using this option :
?
Consider that one broken for the moment.I'm still very curious how a login onto Google accounts can enable portal access on the captive portal.
It can be done of course, it needs some user (admin ;) ) written code to handle the communication. probably with some Google API thingies, etc. -
No I'm not using that option,
someone wrote a custom html page, the page has a big PHP part which is checking the IP of the clients and stuff like mac address, cookies, etc. I didn't wrote the page so I don't really understand everything.
This is this page which redirects the user to the address I gave before.
I think the problem can be a certificate problem because I use a certificate made for the captive portal to go to a google page. When I get the page which told me that I need to connect, I can see beside the URL, an alert telling me the site is not secure.
Do you think it can be that? -
If you use a certificate for the portal page (hhtps login - and you selected a certificate) then you need a valid (== recognized and accepted) certificate.
That's where the acme package comes in.... -
this is what I thought, I wiil try that
thank you for the help
