Users with a https home page are not redirected when using web-passthrough on WLC 5508

Answered Question
Jul 19th, 2012

I have a Cisco 5508 running version 7.0.116.0.  This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page.  For most people this works without any issue.  However, if a user has their homepage for their default browser set to a https site, such as https://www.google.com, then they are never redirected to the terms splash page.  The page will just spin and spin until finally they get a timeout error.

Has anyone else had this experience?  If so, did you find a solution, or is this some sort of shortcoming of the controller?

Any and all comments/information is appreciated!

Thanks,

Jim

Correct Answer
rsreeves1 Thu, 07/19/2012 - 12:37

This is a known issue (see bug ID CSCar04580).

CSCar04580 Bug Details

web auth (redirect) doesn't work when client users a https url
Symptom:

A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never
be redirected by Web Auth to the web authentication dialog. Therefore, such
a client will not know to authenticate, and will fail to connect to the
network.

Workaround:

The client should attempt to open any HTTP (port 80) web page.

jimontherock Sun, 07/22/2012 - 11:13

Thanks for the reply rsreeves1.  You have just solved a long standing "mystery" in my organization!

Scott Fella Mon, 07/23/2012 - 10:55

https has never worked for me, even way back in the days when I started implementing webauth.

rsreeves1 Mon, 07/23/2012 - 12:29

By the way, this is not an issue if you configure the controller to use HTTPS for the passthrough page since it will redirect port 80 connections to port 443 (just not the other way around).  As far as I'm aware, this is the closest you'll get to a workaround solution.  Unfortunately, it's a bit of a hassle, primarily due to having to deal with the SSL cert.

If you decide to go this route, check out this terrific document, originally published by Nicolas Darchis:

https://supportforums.cisco.com/docs/DOC-13954

There's a LOT of extremely useful information here, including a section that covers how to manage web-login certs.  I'd recommend reading through this entire doc whenever you have the time since it has several bits of info that I've never found anywhere else.

-Rob

saravlak Fri, 07/27/2012 - 11:25

Cisco will not fix this bug though this bug is 10 years old.

It will not ever be addressed.  In fact, it is really a bogus request - if someone has configured their home page as https://mybank.com/myaccount - and presumably they have a cert chain installed on their client to validate that server - then it would be fraudulent (in a sense) for us to try to present some bogus cert representing us as "mybank.com".  We should never try to hijack someone's https session.

Modern systems (e.g. Windows 7) are smart enough to figure out whether a given WLAN wants webauth - that's the solution.
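
An added example, not part of the original thread or any vendor code: a client-side check that applies the workaround above by probing over plain HTTP (port 80) and classifying the response, which is the kind of test a portal-aware client can run. The probe URL, expected body and sample redirect target are hypothetical placeholders.

```python
import http.client
from urllib.parse import urlsplit

# Hypothetical probe endpoint: a plain-HTTP URL you control that always
# returns EXPECTED_BODY. Both values are assumptions for this example.
PROBE_URL = "http://probe.example.net/check.txt"
EXPECTED_BODY = b"open-network-ok"
REDIRECTS = (301, 302, 303, 307, 308)

def classify(status, location, body, probe_host, expected=EXPECTED_BODY):
    """Interpret the response to a port-80 probe sent from the client."""
    if status in REDIRECTS and location:
        host = urlsplit(location).hostname
        # A redirect to a different host means something on the path
        # (e.g. the controller's web auth) intercepted the request.
        if host and host != probe_host:
            return ("portal", location)
        return ("unknown", location)
    if status == 200:
        # Some portals answer 200 and replace the content in place.
        if body.strip() == expected:
            return ("open", None)
        return ("portal", None)
    return ("unknown", None)

def probe(url=PROBE_URL, timeout=5):
    """Send one GET over plain HTTP and classify the answer."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        # Per the thread, connections to port 443 are never redirected,
        # so an HTTPS probe would only time out behind web auth.
        raise ValueError("probe URL must use http:// (port 80)")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read(4096)
        return classify(resp.status, resp.getheader("Location"), body,
                        parts.hostname)
    except (OSError, http.client.HTTPException):
        return ("no-connectivity", None)
    finally:
        conn.close()

if __name__ == "__main__":
    print(probe())
```

A result of `("portal", url)` gives the address to open in a browser so the user can accept the terms page.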

Posted July 19, 2012 at 9:32 AM