cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1935
Views
5
Helpful
7
Replies

Users with a https home page are not redirected when using web-passthrough on WLC 5508

jimontherock
Level 1
Level 1

I have a Cisco 5508 running version 7.0.116.0.  This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page.  For most people this works without any issue.  However, if a user has their homepage for their default browser set to a https site, such as https://www.google.com, then they are never redirected to the terms splash page.  The page will just spin and spin until finally they get a timeout error.

Has anyone else had this experience?  If so did you find a solution or is this some sort of short coming of the controller?

Any and all comments/information is appreciated!

Thanks,

Jim

1 Accepted Solution

Accepted Solutions

rsreeves1
Level 1
Level 1

This is a known issue (see bug ID CSCar04580).

CSCar04580 Bug Details

web auth (redirect) doesn't work when client users a https url
Symptom:

A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never
be redirected by Web Auth to the web authentication dialog. Therefore, such
a client will not know to authenticate, and will fail to connect to the
network.

Workaround:

The client should attempt to open any HTTP (port 80) web page.

View solution in original post

7 Replies 7

rsreeves1
Level 1
Level 1

This is a known issue (see bug ID CSCar04580).

CSCar04580 Bug Details

web auth (redirect) doesn't work when client users a https url
Symptom:

A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never
be redirected by Web Auth to the web authentication dialog. Therefore, such
a client will not know to authenticate, and will fail to connect to the
network.

Workaround:

The client should attempt to open any HTTP (port 80) web page.

Thanks for the reply rsreeves1.  You have just solved a long standing "mystery" in my organization!

This issue is on 4400s as well. Just tested it ..

Good post ! +5

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

https has never worked from me, even way back in the days when I started implementing webauth.

-Scott
*** Please rate helpful posts ***

LOL.. I guess I never came across this issue before now ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

By the way, this is not an issue if you configure the controller to use HTTPS for the passthrough page since it will redirect port 80 connections to port 443 (just not the other way around).  As far as I'm aware, this is the closest you'll get to a workaround solution.  Unfortunately, it's a bit of a hassle, primarily due to having to deal with the SSL cert.

If you decide to go this route, check out this terrific document, originally published by Nicolas Darchis:

https://supportforums.cisco.com/docs/DOC-13954

There's a LOT of extremely useful information here, including a section that covers how to manage web-login certs.  I'd recommend reading through this entire doc whenever you have the time since it has several bits of info that I've never found anywhere else.

-Rob

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

Cisco will not fix this bug though this bug is 10years old.

it will not ever be addressed.  In fact, it is really a bogus request - if someone has configured their home page as https://mybank.com/myaccount - and presumably they have a cert chain installed on their client to validate that server - then it would be fraudulent (in a sense) for us to try to present some bogus cert representing us as "mybank.com".  We should never try to hijack someone's https session.

Modern systems (e.g. Windows 7) are smart enough to figure out whether a given WLAN wants webauth - that's the solution.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: