Tanaza Captive Portal

Specifications v3.2
In Tanaza, the Captive Portal functionalities are provided through an external RADIUS server. The
specifications below describe what is required to integrate with the Tanaza subsystem.

Logon procedure
When a client wants to access the Internet, the following scenario takes place:
1. The wireless client associates with the Tanaza wireless network SSID;
2. The user makes an initial request for a URL in his web browser;
3. The Tanaza AP redirects the user to an external splash page, through which the user
must authenticate to gain access to the Internet.
The splash page is requested through an HTTP or HTTPS GET request including the following
HTTP parameters:
Parameter Name | Description
ap_ip | The IP or domain name (e.g. 192.168.1.0 or captive-gw) to which the authentication reply must be redirected after the authentication through the splash page has been done
ap_port | The port of the ap_ip
user_mac | The MAC address of the user wireless client (e.g. 00:11:22:33:44:55)
ap_id | A unique string identifying a single AP. Its value is the upper case MAC address without the : or - characters. E.g. if the MAC address of an Access Point is aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, ap_id=AABBCCDDEEFF
ap_group | A label that identifies the group the AP is part of
user_url | The URL that the user originally requested
vendor | Constant string identifying the tanaza vendor. It is always tanaza
version | Identifies the protocol of this specification. Current version: 3

Example:
https://splash.url.com/?ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3
4. The user must authenticate on the splash page; the splash page must contain a form
that asks the user for one of the following:
   1. username and password or
   2. email and password or
   3. email only or
   4. accepting condition only or
   5. social media authentication or
   6. other auth information.
The form of the splash page must be submitted to a server-side page (it can be the same
page), including all the information requested from the user (such as login/password) and
all the parameters specified in step 3.
5. The server-side page that receives the submitted form uses the received parameters,
such as username, password, social media info, or anything else, in order to grant/deny
access. Once access is granted, the user's browser is redirected to the following URL
using an HTTP GET or HTTP POST request:
http://[ap_ip]:[ap_port]/logon
with the following params:
user=[user]&passwd=[passwd]&user_mac=[user_mac]&user_url=[user_url]&ap_id=[ap_id]
where:
Parameter Name | Description | Mandatory
ap_ip | Refers to ap_ip passed to the splash page | true
ap_port | Refers to ap_port passed to the splash page | true
user | User identifier; generally this refers to the user name. In MAC Authentication this refers to the user client MAC address | true
token | Password or token, used to authenticate the user towards the RADIUS server. NOTE: in firmwares 1.6.0 and 1.6.1 it was called passwd | true
user_mac | Refers to the user_mac passed to the splash page | true
ap_id | Refers to ap_id passed to the splash page. Its value is the upper case MAC address without the : or - characters. E.g. if the MAC address of an Access Point is aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, ap_id=AABBCCDDEEFF | true
user_url | Refers to user_url passed to the splash page, or the welcome URL to which the user is redirected | false
duration | Describes the duration (in seconds) of the temporary session (this param is sent only when requesting a temporary session). This param MUST not be sent if you want a normal logon. This param creates, for the specified IP-MAC pair, a temporary session during which the client can surf the Internet without any restriction (e.g. to allow the user to retrieve his auth. credentials via email, in order to then log in with a normal session). The duration indicates for how long the temporary session is active. This parameter MUST be within the following range: from 1 min up to SESSION_TIMEOUT. Once the temporary session expires the user is sent back to the splash page | false
6. The Tanaza AP redirects the user to the user_url passed, or to the landing page URL if
one is specified in the cloud configuration.
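
The following is an added example, not part of the Tanaza specification or Tanaza's code: a splash-page backend that validates the step 3 parameters before reusing them to build the step 5 redirect, since ap_ip, ap_port and user_url arrive in a query string the client can alter and the redirect carries the user's credentials. The function names, the GATEWAY_NAMES allowlist, the private-address policy and the SESSION_TIMEOUT value are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# The splash request shown as the example in step 3.
EXAMPLE = ("https://splash.url.com/?ap_ip=192.168.0.1&ap_port=6666"
           "&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_group=hotel_yx"
           "&user_url=http://www.tanaza.com&vendor=tanaza&version=3")
GATEWAY_NAMES = {"captive-gw"}  # assumption: hostnames your APs are known by
SESSION_TIMEOUT = 3600          # assumption: seconds, as set in Tanaza Cloud
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
AP_ID_RE = re.compile(r"[0-9A-F]{12}")  # upper case MAC without ':' or '-'


def parse_splash_request(url):
    """Validate the step 3 parameters before they are reused in step 5."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    missing = {"ap_ip", "ap_port", "user_mac", "ap_id"} - q.keys()
    if missing:
        raise ValueError(f"missing parameters: {sorted(missing)}")
    # ap_ip decides where the browser carries the credentials, so accept only
    # a known gateway name or a private IPv4 address (raises on anything else).
    if q["ap_ip"] not in GATEWAY_NAMES:
        if not ipaddress.IPv4Address(q["ap_ip"]).is_private:
            raise ValueError("ap_ip is not a private address")
    if not (q["ap_port"].isdecimal() and 0 < int(q["ap_port"]) < 65536):
        raise ValueError("bad ap_port")
    if not MAC_RE.fullmatch(q["user_mac"]) or not AP_ID_RE.fullmatch(q["ap_id"]):
        raise ValueError("bad user_mac or ap_id")
    if urlsplit(q.get("user_url", "http://")).scheme not in ("http", "https"):
        raise ValueError("user_url must be http(s)")
    return q


def build_logon_url(q, user, token, duration=None):
    """Build the step 5 redirect to the AP's /logon endpoint."""
    params = {"user": user, "token": token,  # 'passwd' on firmware 1.6.0/1.6.1
              "user_mac": q["user_mac"], "ap_id": q["ap_id"]}
    if "user_url" in q:
        params["user_url"] = q["user_url"]
    if duration is not None:  # sent only when requesting a temporary session
        if not 60 <= duration <= SESSION_TIMEOUT:
            raise ValueError("duration outside 1 min .. SESSION_TIMEOUT")
        params["duration"] = duration
    return f"http://{q['ap_ip']}:{q['ap_port']}/logon?{urlencode(params)}"
```
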

Notes related to RADIUS


AUTHENTICATION
When RADIUS authentication fails, the client is redirected to the splash page URL with the
parameter error=1.
For example, if the URL of the splash page is
https://splash.url.com/?ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3
and the client fails the RADIUS authentication, the client will be redirected to:
https://splash.url.com/?ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3&error=1

Logoff procedure
When a client wants to log off, he clicks on the provided disconnect button, and the user should
be redirected to the following URL using an HTTP GET request:
http://[ap_ip]:[ap_port]/logoff
where:
Parameter Name | Description | Mandatory
ap_ip | Refers to ap_ip passed to the splash page | true
ap_port | Refers to ap_port passed to the splash page | true

Session Management
There are two timeouts that can be configured from the Tanaza Cloud: SESSION_TIMEOUT
and IDLE_TIMEOUT. Both of them can be specified through the Tanaza Cloud Dashboard
(cloud.tanaza.com) either manually or as parameters received by Radius.
The SESSION_TIMEOUT defines the duration of the session in seconds; this timeout is not
refreshable and when it expires the session is closed.
The IDLE_TIMEOUT defines the period of client inactivity (the client neither transmits nor
receives packets), in seconds, after which the client is considered logged off.

RADIUS
NOTE: the identifier of the NAS (Network Access Server) of each Wi-Fi Access Point is the
upper case MAC address without the : or - characters.
E.g. if the MAC address of an Access Point is aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff,
NAS-identifier = AABBCCDDEEFF.

Contacts
Embedded Software Team - embed@tanaza.com
