Captive Portal shows "auth success" page instead of "login" page

thico10

A few users (and only a few, had more than 300 successful logins so far) have the issue where, upon connecting the network and selecting the option shown on their phone or desktop browser to login using the captive portal, receive the "Authentication Success" page instead of the "Login" page. They are not actually logged in and cannot access the network.

Auth logs show no login attempts from these machines. Issue persists through multiple browsers: Chrome and embedded browsers on phones, Chrome, Firefox and Edge on laptops. I have checked for duplicate MAC addresses on the captive portal logins, none exist.

We have also tried manually inputting the address for the captive portal login page on the browsers, which also ends in a redirect to the success page. We have also tried doing this using the server's direct IP address, thinking of maybe a weird DNS issue, but nothing changes.

Adding MAC addresses to the whitelist allows users to navigate normally, but this cannot be a permanent solution.

I'm free to share logs and any more data necessary to help fix this issue.

jimp

Are you certain it's an authentication "success" page or if it's a browser portal detection page? If it's a page that only contains the word success then it's not coming from pfSense but from the browser's portal detection site/code.

Did you setup any kind of bypass for browser auto-detection sites? If so -- remove it, you do not want to do that.

thico10

I have configured an authentication "success" page as the 'Logout page' in the Captive Portal, so if the user successfully login, it shows the authentication "success". Only a few users are going straight to this 'Logout page' without logging in.

jimp

Have they ever logged in before? What is performing the redirect?

It's possible their browser has cached the redirect and contents of the logout page

thico10

No, they haven't logged in yet. I don't know what is causing the redirect. I've tried to clear cache in one of the user's browser and still redirects to this page.

jimp

If you remove the custom pages can you reproduce the problem? It may be in your code there.

You might need to post the contents of your custom login/logout pages so others here can review them for potential problems.

thico10

Ok, so I found out that it does not redirect the user to "auth success" when there is no "logout page" configured in the Captive Portal. As you said, I thought that might be a problem with my "logout page", which I use as a "auth success" page. I've uploaded the current "logout page" below:

0_1533819162596_logout.html.zip

bruno.oliveira

@jimp We're assuming the issue as @thico10 is no longer working with us.
We tried to remove the "logout page" but the problem persists.

If we disconnect all users, the devices/users affected change randomly: some users previously affected can now login and some not affected before now can't.

Any other thoughts about this? How does this login check work, how does pfSense check if the user is already logged in to send them the "logout page"?

magokbas

this issue continues since the previous version. previously reported.
https://redmine.pfsense.org/issues/8514
https://forum.netgate.com/topic/132264/unable-to-login-loop/6