Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
radius:login_dynamic_keys [2024/02/13 14:14] – created systemradius:login_dynamic_keys [2024/02/13 14:28] (current) system
Line 1: Line 1:
 <nav type="pills" justified="false"> <nav type="pills" justified="false">
   * [[:user_manuals|Back to Documentation]]   * [[:user_manuals|Back to Documentation]]
-  * [[:radius:rad_kick|Dynamic Keys]]+  * [[:radius:login_dynamic_keys|Dynamic Keys]]
 </nav> </nav>
  
 ----- -----
 +
 +====== Dynamic Keys ======
 +===== Introduction =====
 +  * One of the most powerful features of login pages are the dynamic keys.
 +  * Unfortunately, it is also one of the most misunderstood.
 +  * This special wiki page aims to clarify the aspects surrounding dynamic keys.
 +
 +===== Login Page URL =====
 +==== Coova Chilli ====
 +  * When you connect to a captive portal based on Coova Chill, you will be redirected to the UAM URL.
 +  * Coova Chilli does this automatically and also formulates the query string that is automatically appended to the UAM URL.
 +  * The components and values of the query string are largely determined by Coova Chili's configuration settings.
 +  * Here is an example of the login page with its query string.
 +  * https://cloud.radiusdesk.com/login/bootstrap5/index.html?res=notyet&uamip=10.1.0.1&uamport=3990&challenge=fa6f27d215141b0b86f67b423352349a&called=0A-B4-B1-A2-87-AA&mac=68-17-30-D2-AC-AA&ip=10.1.1.0&ssid=our_internet_cafe&nasid=our_internet_cafe_mcp_34&sessionid=164365906100000001&userurl=http%3a%2f%2fdetectportal.firefox.com%2fcanonical.html&md=15CB9AD5DCFB726093B7B99CC4EAF6CC&i18n=fr_FR#
 +  * For example, with the Coova Chili configuration we have
 +        * nasid = our_internet_cafe_mcp34
 +        * ssid = our_internet_cafe
 +  * Some settings must be unique for the Coova Chili instance, e.g. nasid.
 +  * Other settings can be more general and shared by several Coova Chili instances, e.g. ssid.
 +  * If our login page has not yet been configured with dynamic keys, you will see the following screen.
 +
 +<panel type="primary">
 +{{:radius:login_pages:dynamic_keys.png|}}
 +</panel>
 +
 +==== Mikrotik ====
 +  * Mikrotik Hotspots work more or less in a similar way.
 +  * If you configure the Mikrotik to use a central login page the replacement login.html page will look something like this
 +<code html>
 +<center>If you are not redirected in a few seconds, click 'continue' below<br>
 +<form name="redirect" action="https://cloud.radiusdesk.com/cake3/rd_cake/dynamic-details/mikrotik-browser-detect" method="post">
 +    <input type="hidden" name="loginlink" value="$(link-login-only)">
 +    <input type="hidden" name="nasid" value="$(identity)">
 +    <input type="hidden" name="link_status" value="$(link-status)">
 +    <input type="hidden" name="link_login_only" value="$(link-login-only)">
 +    <input type="hidden" name="link_logout" value="$(link-logout)">
 +    <input type="hidden" name="mac" value="$(mac-esc)">
 +    <input type="hidden" name="type" value="mikrotik">
 +    <input type="hidden" name="ssid" value="our_internet_cafe">
 +    <input type="submit" value="continue">
 +</form>
 +<script language="JavaScript">
 +<!--
 +   document.redirect.submit();
 +//-->
 +</script>
 +</code>
 +  * Here the Mikrotik will POST some additional data to the CakePHP controller which the controller can then use.
 +  * With Mikrotik, you have more control over the elements that are included in the POST.
 +  * You can even specify your own elements with the values you want.
 +  * Like the Coova Chili pages, the Mikrotik also displays a list of available elements if the dynamic keys have not yet been configured.
 +
 +
 +===== Connecting a Login Page with Captive Portal =====
 +  * The dynamic keys are used by RADIUSdesk to determine which login page should be served.
 +  * You can use any of the listed elements and add it as a dynamic key to a login page
 +  * Login pages can also contain several dynamic keys.
 +  * For example, if you have a very specific login page that should only be displayed by a specific captive portal, you can use the nasid.
 +  * If, on the other hand, you have a hotel chain and want to use the same page on ALL captive portals of these hotels, you can use a more general element, e.g. ssid.
 +  * You can also combine them without any problems.
 +<panel type="primary">
 +{{:radius:login_pages:dynamic_keys_specific_generic1.png|}}
 +</panel>
 +
 +===== A final word about Coova Chilli =====
 +  * You may have noticed that the example URL for the login page we have provided for Coova Chili is different from the typical URL we provide as the UAM URL.
 +  * The typical one is:  https://cloud.radiusdesk.com/cake3/rd_cake/dynamic-details/chilli-browser-detect/
 +  * What then happens behind the scenes is that the CakePHP controller redirects to the final login page.
 +  * This location is determined by the value of the page's theme.
 +  * The controller also appends the language component to the query string of the URL, e.g. i18n=fr_FR, so that the page is displayed in French.
 +
  • radius/login_dynamic_keys.1707826491.txt.gz
  • Last modified: 2024/02/13 14:14
  • by system