I’m attempting to redirect the HotSpot login page to a remote server. The remote server will do some simple processing/logging and then redirect back to the HotSpot server with a common username and password. This will be a public hotspot so no need to have users individually authenticate. Will not be using Radius or UserManager for authentication.
I have been through the example provied in the manual (Customizing HotSpot: HTTP Servlet Pages) and am unable to make a successful login from the remote page. Searching the forums didn’t return anything directly related to this topic either.
The HotSpot user gets redirected to the remote page fine. But when redirecting back I always get the error message:
web browser did not send challenge respone(try again, enabl JavaScript)
I’m workng on a RB532 w/2.9.46 which is redirecting to a PHP page on an LAMP server.
If someone has a working example or modified example of the one found in the manual that would be greatly appreciated.
Regards,
Iformation from possible error messages,
chap-missing = web browser did not send challenge response (try again, enable JavaScript) - trying to log in with HTTP-CHAP method using MD5 hash, but HotSpot server does not know the challenge used for the hash. This may happen if you use BACK buttons in browser; if JavaScript is not enabled in web browser; if login.html page is not valid; or if challenge value has expired on server (more than 1h of inactivity). Solution: instructing browser to reload (refresh) the login page usually helps if JavaScript is enabled and login.html page is valid
I’m having a similar issue. It works when PAP is enabled, so it’s sending clear text. How do I get my remote server to MD5 Hash up the password for http-chap only authentication? Or do I need to get SSL certs onto my routers and rely on that for encryption.
I’d prefer to avoid PAP and just go CHAP.
In the case of having to use SSL, does this operate ok when all Hotspots DNS map back to an internal IP?
Will it look at trusted CA’s to check that it is verified? I’m assuming a self signed cert will still produce errors with more recent browsers. Which can be a show stopper as most people just see the error, not the “Click here to continue..”
However, if a CA isn’t in someone’s browser it can’t lookup outside of the Garden to verify their Cert. That could be painful..
Any ideas?
Thanks in advance