Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Specifications v3.2
In Tanaza the Captive Portal functionalities are offered using an external radius server. To allow
the integration with Tanaza subsystem some specifications are required.
Logon procedure
When a client wants to access Internet, the following scenario takes place:
1. The wireless client associates with the Tanaza wireless network SSID;
2. The user makes an initial request for an URL in his web browser;
3. The Tanaza Ap redirects the user to an external splash page, through which the user
must authenticate to gain access to Internet.
The splash page is requested through an http or https get request including the following
http parameters:
Parameter Name
Description
ap_ip
ap_port
user_mac
ap_id
E.G.
If the MAC address of an Access Point is aa:bb:cc:dd:ee:ff or
aa-bb-cc-dd-ee-ff,
ap_id= AABBCCDDEEFF
ap_group
user_url
vendor
version
Example:
https://splash.url.com/?
ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_
group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3
4. The user must authenticate on the splash page; the splash page must contain a form
that requests the following fields to the user:
1. username and password or
2. email and password or
3. email only or
4. accepting condition only or
5. social media authentication or
6. other auth information.
The form of the splash page must be submitted to a server-side page (can be the same
page), including all the information requested to the user (such as login/password) and
all the parameters specified in step 3.
5. The server-side page that receives the submitted form, uses the received parameters,
such as username, password, social media info, or anything else, in order to grant/deny
access. Once access is granted, the user browser is redirected to the following URL
using HTTP GET or HTTP POST request:
http://[ap_ip]:[ap_port]/logon
with the following params:
user=[user]&passwd=[passwd]&user_mac=[user_mac]&user_url=[user_url]&ap_id=[ap_id]
where:
Parameter Name
ap_ip
ap_port
user
Description
Mandatory
true
true
true
token
true
true
E.G.
If the MAC address of an Access Point is aa:bb:cc:dd:ee:ff
or aa-bb-cc-dd-ee-ff,
true
ap_id= AABBCCDDEEFF
user_url
duration
false
false
https://splash.url.com/?
ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_
group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3
and the client fails the radius authentication, the client will be redirected to:
https://splash.url.com/?
ap_ip=192.168.0.1&ap_port=6666&user_mac=00:11:22:33:44:55&ap_id=CF0A74B100C4&ap_
group=hotel_yx&user_url=http://www.tanaza.com&vendor=tanaza&version=3&error=1
Logoff procedure
When a client wants to logoff, he clicks on the provided disconnect button, and the user should
be redirected to the following URL using HTTP GET request:
http://[ap_ip]:[ap_port]/logoff
where:
Parameter Name
ap_ip
ap_port
Description
Mandatory
true
true
Session Management
There are two timeouts that can be configured from the Tanaza Cloud: SESSION_TIMEOUT
and IDLE_TIMEOUT. Both of them can be specified through the Tanaza Cloud Dashboard
(cloud.tanaza.com) either manually or as parameters received by Radius.
The SESSION_TIMEOUT defines the duration of the session in seconds; this timeout is not
refreshable and when it expires the session is closed.
The IDLE_TIMEOUT defines the time of client inactivity (doesnt transmit nor receive packets) in
seconds after which the client is considered logged off.
RADIUS
NOTE: the identifier of the NAS (Network Access Server) of each Wi-Fi Access Point is the
upper case MAC address without the : or - char.
E.G.
If the MAC address of an Access Point is aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff,
NAS-identifier = AABBCCDDEEFF.
Contacts
Embedded Software Team - embed@tanaza.com