Background
Every Captive Portal has a login page that gets presented to the user to log in with.
Since this is the first contact that a user has with our system, we want to give the user a trouble-free and pleasant experience.
With the release of Beta-4 of YFi Hotspot Manager, we include a login page which aims to do just that.
The current login page went through a few development stages. Those stages were documented, and those documents proved to be valuable at one stage.
The following links can still be used to reach them should the need arise:
Philosophy
The login page follows this philosophy:
- It should be easy to log into the Captive Portal from all Web browsers.
- It should be possible to log in using a Web browser without JavaScript (simple mobile devices).
- It should be possible to make any web page on the Internet a login page (using JavaScript).
- We use nice graphics and a logo on the login page to create a good first impression.
Implementing the login page
http://127.0.0.1/coova_json/hs_land.php
The login process
- It always helps when troubleshooting if you understand how things work. This section will explain the login process of Coova Chilli.
- Coova Chilli has two variables (one is optional, but we use it) which determine the login page. These variables sit in the file /usr/local/etc/chilli/config. This file is a copy of /usr/local/etc/chilli/default which gets modified in order to change the default values.
- HS_UAMFORMAT: This variable is compulsory and determines which page will be used to log in with. Remember to use the HS_UAMSERVER variable when defining this variable. A typical setup will look as follows:
    HS_UAMSERVER=yfi.co.za
    HS_UAMFORMAT=https://\$HS_UAMSERVER/coova_json/hs_land.php
- HS_UAMHOMEPAGE: This variable is usually a splash page. A splash page displays a logo and redirects to the page defined in HS_UAMFORMAT. Again a typical setup:
    # Same principle goes for HS_UAMHOMEPAGE.
    HS_UAMHOMEPAGE=https://\$HS_UAMSERVER/coova_json/splash.php
HS_UAMHOMEPAGE -> The Splash Page
- After a client machine has received an IP address from Coova Chilli and attempts to reach the Internet (port 80, using a browser), the browser is redirected to the page specified for HS_UAMHOMEPAGE.
- This page gets called with a query string: http://en.wikipedia.org/wiki/Query_string
- We extract the value of the field 'loginurl' and redirect the browser to that value. This will be the same value as that specified for HS_UAMFORMAT, with an added query string.
- The URL for a typical redirect to the splash page will look like this:
https://yfi.org.za/coova_json/splash.php?loginurl=https%3a%2f%2fcaptive.yfi.org.za%2fcoova_json%2fhs_land.php%3fres%3dnotyet%26uamip%3d10.1.0.1%26uamport%3d3990%26challenge%3dfeb3fd83ffbf751365798ff39c0fb9f3%26mac%3d00-0C-F1-5F-58-0B%26ip%3d10.1.1.129%26called%3d00-22-19-82-A9-0A%26nasid%3dYFI%26userurl%3dhttp%253a%252f%252fiol.co.za%252f%26md%3dD8CA54A62B17AC6A905795C5E5E61CB7
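The splash page redirects to whatever arrives in 'loginurl', so it is worth checking that value against the configured login page first. The following is an added example, not YFi's splash.php; the constants and the function name check_loginurl are assumptions taken from the sample URL above, and the input is a shortened, constructed copy of that URL's query string.

```php
<?php
// Added example, not YFi's splash.php. The allowed values are assumptions
// taken from the sample URL on this page; match them to HS_UAMFORMAT.
const LOGIN_SCHEME = 'https';
const LOGIN_HOST   = 'captive.yfi.org.za';
const LOGIN_PATH   = '/coova_json/hs_land.php';

/** Return the decoded login-page fields, or null if loginurl is not acceptable. */
function check_loginurl(string $loginurl): ?array
{
    $p = parse_url($loginurl);
    if (!is_array($p)
        || ($p['scheme'] ?? '') !== LOGIN_SCHEME
        || strcasecmp($p['host'] ?? '', LOGIN_HOST) !== 0
        || ($p['path'] ?? '') !== LOGIN_PATH
        || isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;                       // not the configured login page
    }
    parse_str($p['query'] ?? '', $q);      // decodes one level of URL encoding
    foreach (['res', 'uamip', 'uamport', 'challenge', 'userurl'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) {
            return null;                   // missing field or array-valued field
        }
    }
    if (!preg_match('/\A[0-9a-f]{32}\z/i', $q['challenge'])
        || filter_var($q['uamip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || !ctype_digit($q['uamport'])) {
        return null;                       // malformed challenge, uamip or uamport
    }
    return $q;
}

// Constructed input: the sample splash query string, shortened to the
// fields checked here. Note that userurl is URL-encoded twice.
$query = 'loginurl=https%3a%2f%2fcaptive.yfi.org.za%2fcoova_json%2fhs_land.php'
       . '%3fres%3dnotyet%26uamip%3d10.1.0.1%26uamport%3d3990'
       . '%26challenge%3dfeb3fd83ffbf751365798ff39c0fb9f3'
       . '%26userurl%3dhttp%253a%252f%252fiol.co.za%252f';
parse_str($query, $get);                   // stands in for $_GET in splash.php
$fields = check_loginurl($get['loginurl']);
if ($fields === null) {
    echo "rejected: loginurl is not the configured login page\n";
} else {
    echo "redirect to: {$get['loginurl']}\n";
    echo "userurl after second decode: {$fields['userurl']}\n";
}
// A loginurl on any other host is refused (prints NULL).
var_dump(check_loginurl('https://example.net/coova_json/hs_land.php?res=notyet'));
```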
HS_UAMFORMAT -> The Login Page
- Continuing with the above example, the call to the login page will look as follows:
https://yfi.org.za/coova_json/hs_land.php?res=notyet&uamip=10.1.0.1&uamport=3990&challenge=feb3fd83ffbf751365798ff39c0fb9f3&mac=00-0C-F1-5F-58-0B&ip=10.1.1.129&called=00-22-19-82-A9-0A&nasid=YFI&userurl=http%3a%2f%2fiol.co.za%2f&md=D8CA54A62B17AC6A905795C5E5E61CB7
- hs_land.php extracts the values of userurl and challenge from the query string to send to the login.php page (along with the username and password).
- When the user has supplied their credentials and clicks OK, the browser is sent to login.php.
login.php
- This page will extract userurl, challenge, username and password from the HTTP POST attributes.
- The challenge, along with the password and a shared secret between Coova Chilli and this page (variable $uamsecret), are encrypted to a new value.
    $uamsecret = 'greatsecret'; //Change this to be the same as your chilli's configuration
- This is then used to attempt to log into Coova Chilli.
    $target = "http://$server_ip".':'.$port.$dir."?username=$username&password=$enc_pwd&userurl=$redir";
- Coova Chilli will decrypt the encrypted value of $enc_pwd and send that along with the username to the RADIUS server.
- Since Coova Chilli and login.php have this shared secret, the decrypted value should be the user's password.
- The RADIUS server will then try to authenticate the user.
- After the authentication the user gets redirected to the Login Page (hs_land.php).
- Depending on the value of res in the query string, the user will be either redirected onto the Internet or a Failure page will be displayed.
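The password step described above, as an added example that is not YFi's login.php. It assumes login.php follows the PAP scheme of CoovaChilli's stock login script (password XORed with MD5 of the challenge bytes and the shared secret) and that $dir is '/logon'; the function names, username and password are constructed for illustration.

```php
<?php
// Added example, not YFi's login.php. Assumed scheme: the password is XORed
// with MD5(challenge_bytes . uamsecret), as in CoovaChilli's stock PAP login.
function chilli_pap_encode(string $password, string $challenge, string $uamsecret): string
{
    if (!preg_match('/\A[0-9a-fA-F]{32}\z/', $challenge)) {
        throw new InvalidArgumentException('challenge must be 32 hex characters');
    }
    if (strlen($password) > 16) {
        // One MD5 output covers 16 bytes; this example refuses longer input
        // instead of silently truncating it.
        throw new InvalidArgumentException('password longer than 16 bytes');
    }
    $key    = md5(hex2bin($challenge) . $uamsecret, true);  // 16 raw bytes
    $padded = str_pad($password, 16, "\0");
    return bin2hex($padded ^ $key);                          // 32 hex characters
}

// The reverse operation, as done on the Coova Chilli side with its own copy
// of the secret. Shown only to illustrate the shared-secret dependency.
function chilli_pap_decode(string $encPwd, string $challenge, string $uamsecret): string
{
    $key = md5(hex2bin($challenge) . $uamsecret, true);
    return rtrim(hex2bin($encPwd) ^ $key, "\0");
}

$challenge = 'feb3fd83ffbf751365798ff39c0fb9f3';  // from the sample URL on this page
$uamsecret = 'greatsecret';                       // the page's value; change it in production
$password  = 's3cret-pass';                       // constructed
$enc_pwd   = chilli_pap_encode($password, $challenge, $uamsecret);

// Build the logon URL with every parameter URL-encoded, so characters such
// as '&' or '=' in a username cannot add or override query fields.
$target = 'http://10.1.0.1:3990/logon?' . http_build_query([
    'username' => 'alice',                        // constructed
    'password' => $enc_pwd,
    'userurl'  => 'http://iol.co.za/',
]);
echo $target, "\n";

// With the matching secret the original password is recovered; with a
// different secret the result is unrelated bytes and RADIUS will reject it.
var_dump(chilli_pap_decode($enc_pwd, $challenge, $uamsecret) === $password);
var_dump(chilli_pap_decode($enc_pwd, $challenge, 'wrongsecret') === $password);
```

A login that always fails with correct credentials is therefore often a mismatch between $uamsecret in login.php and the secret in the chilli configuration.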
Alternate login pages
- The hs_land.php page also features a link to a stripped-down login page (mobile.php) intended for simple mobile devices with limited display and JavaScript capabilities.
- There is also a link to the JSON login page (/yfi/uam_json.html). You can read all about the latest JSON login page on the following link: JSON login page using Dojo's Dijits
Overview
- This wiki page contains a lot of information. This section will summarize important points to remember and check.
Hello, I am having deep trouble configuring Coova Chilli with freeradius2. I have installed chap modules, free radius, sql and common packages to work, but after a landing page, when I enter username and password, I am stuck at a waiting message.
My radius debug gives me:
: Could not link driver rlm_sql_mysql: file not found
Error: Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
although the driver is present in usr/lib/freeradius2.
Help out to get it working, or give me a tutorial to bypass the radius server, as my requirement is a landing page with my company features and accept terms only.
Looking forward to hearing any good from you.