If I try to manually send the redirect in the browser here is what HA proxy records. This is a simple copy and paste in the browser and the output:
https://wifi.fispy.mx/captive-portal <https://wifi.fispy.mx/captive-portal>?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3 4875 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx} "GET /captive-portal?destination_url=https://portal.fispy.mx:8443/login?username=539z&password=0uf3 HTTP/1.1" It doesn’t let it go through as it seems that is trying to validate network connectivity > On Feb 6, 2022, at 4:07 PM, Jorge Nolla <jno...@gmail.com> wrote: > > Seems weird how the format of the URL is recorded/sent > > > Here is a normal redirect, the url is formatted correctly, > > > Feb 6 16:03:41 wifi haproxy[2427]: 10.99.1.20:63577 > [06/Feb/2022:16:03:41.232] portal-https-10.0.255.99~ > 10.0.255.99-backend/127.0.0.1 0/0/1/233/234 200 4910 - - ---- 2/1/0/0/0 0/0 > {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET > /captive-portal?destination_url=https://www.fispy.mx/ <https://www.fispy.mx/> > HTTP/1.1" > > I’m not sure why the value sent by the AP has all the % and weird symbols > destination%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin > <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login> > > >> On Feb 6, 2022, at 4:00 PM, Jorge Nolla <jno...@gmail.com >> <mailto:jno...@gmail.com>> wrote: >> >> Hi Fabrice, >> >> Here are the options that can be added: >> >> [AirEngine9700-M1-url-template-PacketFence]url-parameter ? >> ap-group-name AP group name >> ap-ip AP IP address >> ap-location AP location >> ap-mac AP MAC address >> ap-name AP name >> device-ip Device IP address >> device-mac Device MAC address >> login-url Device's login URL provided to the external portal server >> mac-address Mac address >> redirect-url The url in user original http packet >> set Set >> ssid SSID >> sysname Device name >> user-ipaddress User IP address >> user-mac User MAC address >> >> >> url-template name PacketFence >> url https://wifi.fispy.mx/captive-portal >> <https://wifi.fispy.mx/captive-portal> >> url-parameter device-ip ac-ip user-ipaddress userip ssid ssid user-mac >> ap-mac >> >> >> 200 9003 - - ---- 2/1/0/0/0 0/0 {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >> /captive-portal?ac%2Dip=10%2E7%2E255%2E2&userip=10%2E9%2E70%2E173&ssid=FISPY%2DWiFi&ap%2Dmac=f02f4b1467d9 >> HTTP/1.1" >> >> >> If we do not specify the URL on this configuration, where would PacketFence >> get the value for the AC Web Authentication call? >> >> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >> >> Best Regards, >> Jorge >> >>> On Feb 5, 2022, at 8:23 PM, Fabrice Durand <oeufd...@gmail.com >>> <mailto:oeufd...@gmail.com>> wrote: >>> >>> Hello Jorge, >>> >>> what we need is the user mac and the ap information. >>> I found that >>> https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template >>> >>> <https://support.huawei.com/enterprise/en/doc/EDOC1100008283/659354b1/display-url-template> >>> >>> Is it possible to add extra parameters like user-mac ssid ap-ip ap-mac ? >>> >>> And if yes can you provide me the url generated by the controller when it >>> redirect ? (haproxy-portal log) >>> >>> Regards >>> Fabrice >>> >>> >>> >>> Le sam. 5 févr. 2022 à 20:42, Jorge Nolla <jno...@gmail.com >>> <mailto:jno...@gmail.com>> a écrit : >>> Hi Team, >>> >>> Any input on this? We really would like to get this to work. >>> >>> Thank you! >>> Jorge >>> >>>> On Feb 2, 2022, at 7:48 PM, Jorge Nolla <jno...@gmail.com >>>> <mailto:jno...@gmail.com>> wrote: >>>> >>>> Hi Fabrice, >>>> >>>> This is the sequence: >>>> >>>> Feb 2 14:51:32 wifi haproxy[2427]: 10.9.79.52:61132 >>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:32.663] >>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >>>> 0/0/0/201/201 200 7146 - - ---- 3/1/0/0/0 0/0 {wifi.fispy.mx >>>> <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" >>>> Feb 2 14:51:37 wifi haproxy[2427]: 10.9.79.52:61133 >>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:37.905] >>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 0/0/0/2/2 200 >>>> 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>>> /common/network-access-detection.gif?r=1643838705224 HTTP/1.1" >>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61130 >>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:43.927] >>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>> <http://127.0.0.1/> 0/0/0/122/122 302 1018 - - ---- 4/1/0/0/0 0/0 >>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>> HTTP/1.1" >>>> Feb 2 14:51:44 wifi haproxy[2427]: 10.9.79.52:61132 >>>> <http://10.9.79.52:61132/> [02/Feb/2022:14:51:44.060] >>>> portal-http-10.0.255.99 10.0.255.99-backend/127.0.0.1 <http://127.0.0.1/> >>>> 0/0/0/129/129 200 7146 - - ---- 4/2/0/0/0 0/0 {wifi.fispy.mx >>>> <http://wifi.fispy.mx/>} "GET /access?lang= HTTP/1.1" >>>> Feb 2 14:51:49 wifi haproxy[2427]: 10.9.79.52:61133 >>>> <http://10.9.79.52:61133/> [02/Feb/2022:14:51:49.219] >>>> portal-http-10.0.255.99 static/127.0.0.1 <http://127.0.0.1/> 0/0/0/1/1 200 >>>> 228 - - ---- 4/2/0/0/0 0/0 {10.0.255.99} "GET >>>> /common/network-access-detection.gif?r=1643838716546 HTTP/1.1" >>>> Feb 2 14:51:55 wifi haproxy[2427]: 10.9.79.52:61130 >>>> <http://10.9.79.52:61130/> [02/Feb/2022:14:51:55.287] >>>> portal-https-10.0.255.99~ 10.0.255.99-backend/127.0.0.1 >>>> <http://127.0.0.1/> 0/0/0/136/136 302 1018 - - ---- 4/1/0/0/0 0/0 >>>> {wifi.fispy.mx <http://wifi.fispy.mx/>} "GET >>>> /captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>> HTTP/1.1” >>>> >>>> >>>> >>>>> On Feb 2, 2022, at 7:12 PM, Fabrice Durand <oeufd...@gmail.com >>>>> <mailto:oeufd...@gmail.com>> wrote: >>>>> >>>>> Hello Jorge, >>>>> >>>>> i will have a look closer. >>>>> But i have a question, when the device is forwarded to the captive >>>>> portal, (just before >>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>> >>>>> <https://wifi.fispy.mx/captive-portal?switch_url=https://portal.fispy.mx:8443/login>) >>>>> , what is the url ? >>>>> You should be able to see it in the haproxy-portal.log file. >>>>> >>>>> Regards >>>>> Fabrice >>>>> >>>>> Le mer. 2 févr. 2022 à 10:18, Jorge Nolla <jno...@gmail.com >>>>> <mailto:jno...@gmail.com>> a écrit : >>>>> Hi Fabrice, >>>>> >>>>> >>>>> We almost have the configuration working, but are not sure how to get the >>>>> redirect to the client to work correctly. Attached is the documentation >>>>> for Cisco ISE which we used for PacketFence as well. >>>>> >>>>> Portal.fispy.mx <http://portal.fispy.mx/> is the Huawei AC. >>>>> >>>>> This is the format the client should get from PacketFence. This is the >>>>> only piece we are missing for this to work. >>>>> https://portal.fispy.mx:8443/login?username=($username)&password=($password) >>>>> >>>>> <https://portal.fispy.mx:8443/login?username=($username)&password=($password)> >>>>> >>>>> >>>>> If we manually click on the link above, then the flow of traffic works >>>>> correctly CLIENT > AC > RADIUS (PacketFence), and authentication works. >>>>> The problem is that when the user logs in to the portal the redirect is >>>>> broken. The parameter for the redirect that PacketFence is serving, comes >>>>> from a configuration parameter within the AC. This configuration works >>>>> fine for Cisco ISE, but the URL format is not working for PacketFence. >>>>> >>>>> >>>>> When we configure the redirect this is what the client is getting from >>>>> PacketFence >>>>> https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin >>>>> >>>>> <https://wifi.fispy.mx/captive-portal?switch%5Furl=https%3A%2F%2Fportal%2Efispy%2Emx%3A8443%2Flogin> >>>>> >>>>> >>>>> url-template name PacketFence >>>>> url https://wifi.fispy.mx/captive-portal >>>>> <https://wifi.fispy.mx/captive-portal> >>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >>>>> REDIRECT TO PACKETFENCE >>>>> >>>>> >>>>> >>>>> AC CONFIG >>>>> >>>>> authentication-profile name PacketFence >>>>> portal-access-profile PacketFence >>>>> free-rule-template default_free_rule >>>>> authentication-scheme PacketFence >>>>> accounting-scheme PacketFence >>>>> radius-server PacketFence >>>>> force-push url https://www.fispy.mx <https://www.fispy.mx/> >>>>> >>>>> radius-server template PacketFence >>>>> radius-server shared-key cipher >>>>> %^%#*)l=:1.X-Yd$\<~orEF@]<}NMejv3)E^\6;7:NUY%^%# >>>>> radius-server authentication 10.0.255.99 1812 source ip-address >>>>> 10.7.255.2 weight 90 >>>>> radius-server accounting 10.0.255.99 1813 source ip-address 10.7.255.2 >>>>> weight 80 >>>>> undo radius-server user-name domain-included >>>>> calling-station-id mac-format unformatted >>>>> called-station-id wlan-user-format ac-mac >>>>> radius-server attribute translate >>>>> radius-attribute disable HW-NAS-Startup-Time-Stamp send >>>>> radius-attribute disable HW-IP-Host-Address send >>>>> radius-attribute disable HW-Connect-ID send >>>>> radius-attribute disable HW-Version send >>>>> radius-attribute disable HW-Product-ID send >>>>> radius-attribute disable HW-Domain-Name send >>>>> radius-attribute disable HW-User-Extend-Info send >>>>> >>>>> url-template name PacketFence >>>>> url https://wifi.fispy.mx/captive-portal >>>>> <https://wifi.fispy.mx/captive-portal> >>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>>> <https://portal.fispy.mx:8443/login> <<< THIS IS THE PARAMETER FOR THE >>>>> REDIRECT TO PACKETFENCE >>>>> >>>>> web-auth-server PacketFence >>>>> server-ip 10.0.255.99 >>>>> port 443 >>>>> url-template PacketFence >>>>> protocol http >>>>> http get-method enable >>>>> >>>>> portal-access-profile name PacketFence >>>>> web-auth-server PacketFence direct >>>>> >>>>> >>>>> authentication-scheme PacketFence >>>>> authentication-mode radius >>>>> >>>>> wlan >>>>> security-profile name FISPY-WiFi >>>>> >>>>> vap-profile name FISPY-WiFi >>>>> service-vlan vlan-id 900 >>>>> permit-vlan vlan-id 900 >>>>> ssid-profile FISPY-WiFi >>>>> security-profile FISPY-WiFi >>>>> authentication-profile PacketFence >>>>> sta-network-detect disable >>>>> service-experience-analysis enable >>>>> mdns-snooping enable >>>>> >>>>> >>>>> >>>>> >>>>> ###CISCO ISE CONFIG TO COMPARE### >>>>> >>>>> url-template name CISCO-ISE >>>>> url >>>>> https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02 >>>>> >>>>> <https://captive.fispy.mx:8443/portal/PortalSetup.action#portal=7cf5ac1d-5dbf-4b36-aeee-b9590fd24c02> >>>>> parameter start-mark # >>>>> url-parameter login-url switch_url https://portal.fispy.mx:8443/login >>>>> <https://portal.fispy.mx:8443/login> >>>>> >>>>> #################################### >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> On Feb 2, 2022, at 6:17 AM, Fabrice Durand <oeufd...@gmail.com >>>>>> <mailto:oeufd...@gmail.com>> wrote: >>>>>> >>>>>> Hello Jorge, >>>>>> >>>>>> do you have any Huawei documentation to implement that ? >>>>>> >>>>>> Regards >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le mer. 26 janv. 2022 à 15:59, Jorge Nolla via PacketFence-users >>>>>> <packetfence-users@lists.sourceforge.net >>>>>> <mailto:packetfence-users@lists.sourceforge.net>> a écrit : >>>>>> Hi Team, >>>>>> >>>>>> We were wondering if anyone has had any success in configuring Web Auth >>>>>> for the Huawei AC? It’s somewhat critical for us to get this going. >>>>>> >>>>>> Thank you! >>>>>> Jorge >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> <mailto:PacketFence-users@lists.sourceforge.net> >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
