Dynamic Keys

• One of the most powerful features of login pages are the dynamic keys.
• Unfortunately, it is also one of the most misunderstood.
• This special wiki page aims to clarify the aspects surrounding dynamic keys.

• When you connect to a captive portal based on Coova Chill, you will be redirected to the UAM URL.
• Coova Chilli does this automatically and also formulates the query string that is automatically appended to the UAM URL.
• The components and values of the query string are largely determined by Coova Chili's configuration settings.
• Here is an example of the login page with its query string.
• https://cloud.radiusdesk.com/login/bootstrap5/index.html?res=notyet&uamip=10.1.0.1&uamport=3990&challenge=fa6f27d215141b0b86f67b423352349a&called=0A-B4-B1-A2-87-AA&mac=68-17-30-D2-AC-AA&ip=10.1.1.0&ssid=our_internet_cafe&nasid=our_internet_cafe_mcp_34&sessionid=164365906100000001&userurl=http%3a%2f%2fdetectportal.firefox.com%2fcanonical.html&md=15CB9AD5DCFB726093B7B99CC4EAF6CC&i18n=fr_FR#
• For example, with the Coova Chili configuration we have
  • nasid = our_internet_cafe_mcp34
  • ssid = our_internet_cafe
• Some settings must be unique for the Coova Chili instance, e.g. nasid.
• Other settings can be more general and shared by several Coova Chili instances, e.g. ssid.
• If our login page has not yet been configured with dynamic keys, you will see the following screen.

• Mikrotik Hotspots work more or less in a similar way.
• If you configure the Mikrotik to use a central login page the replacement login.html page will look something like this

<center>If you are not redirected in a few seconds, click 'continue' below<br>
<form name="redirect" action="https://cloud.radiusdesk.com/cake3/rd_cake/dynamic-details/mikrotik-browser-detect" method="post">
    <input type="hidden" name="loginlink" value="$(link-login-only)">
    <input type="hidden" name="nasid" value="$(identity)">
    <input type="hidden" name="link_status" value="$(link-status)">
    <input type="hidden" name="link_login_only" value="$(link-login-only)">
    <input type="hidden" name="link_logout" value="$(link-logout)">
    <input type="hidden" name="mac" value="$(mac-esc)">
    <input type="hidden" name="type" value="mikrotik">
    <input type="hidden" name="ssid" value="our_internet_cafe">
    <input type="submit" value="continue">
</form>
<script language="JavaScript">
<!--
   document.redirect.submit();
//-->
</script>

• Here the Mikrotik will POST some additional data to the CakePHP controller which the controller can then use.
• With Mikrotik, you have more control over the elements that are included in the POST.
• You can even specify your own elements with the values you want.
• Like the Coova Chili pages, the Mikrotik also displays a list of available elements if the dynamic keys have not yet been configured.

• The dynamic keys are used by RADIUSdesk to determine which login page should be served.
• You can use any of the listed elements and add it as a dynamic key to a login page
• Login pages can also contain several dynamic keys.
• For example, if you have a very specific login page that should only be displayed by a specific captive portal, you can use the nasid.
• If, on the other hand, you have a hotel chain and want to use the same page on ALL captive portals of these hotels, you can use a more general element, e.g. ssid.
• You can also combine them without any problems.

• You may have noticed that the example URL for the login page we have provided for Coova Chili is different from the typical URL we provide as the UAM URL.
• The typical one is: https://cloud.radiusdesk.com/cake3/rd_cake/dynamic-details/chilli-browser-detect/
• What then happens behind the scenes is that the CakePHP controller redirects to the final login page.
• This location is determined by the value of the page's theme.
• The controller also appends the language component to the query string of the URL, e.g. i18n=fr_FR, so that the page is displayed in French.