[isf-wifidog] Wifidog, portal page and Apple auto-login

acv acv at miniguru.ca
Sam 27 Aou 14:14:03 EDT 2011 

Knowing Apple, the login window will more or less be a Safari web browser
(or at least WebKit, which is almost the same thing).

Before rushing into this, it'd probably be a good idea to diagram the flow
for an Apple device and then the flow for a non-Apple device.

I have the feeling that this kind of state keeping logic will prove hard to
implement robustly on the auth server alone.

Alex

On Fri, Aug 26, 2011 at 03:46:41PM -0400, Genevive Bastien wrote:
> Date: Fri, 26 Aug 2011 15:46:41 -0400
> From: Geneviève Bastien <gbastien at versatic.net>
> To: wifidog at listes.ilesansfil.org
> Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
> 
> On one hand we wouldn't want to ruin Apple user's UX, but the portal is 
> more than a read and go.  People might want to interact and navigate 
> from it, so even if we played with the accessibility of apple.com after 
> login, we would need to eventually grant this login and the page would 
> be gone.
> 
> Besides, the little browser Apple uses to show the login page is not a 
> full web browser and might not be the best to view the portal page.
> 
> Could we think of an intermediate state where, if the first request is 
> http://www.apple.com/library/test/success.htm 
> <http://www.apple.com/library/test/success.html>l, we log the user in 
> and allow all traffic on ports other than web, but the next web request 
> (hopefully from a browser) would show the portal page?
> 
> Any other ideas?
> 
> That feature is really annoying for us community networks!
> 
> Thanks,
> Geneviève
> 
> 
> On 11-08-26 10:32 AM, Max Horváth wrote:
> >I would strongly suggest to not deactivate the auto login feature for 
> >Apple products by fooling the devices that they could reach the Apple 
> >server.
> >
> >Apple device users are used to the auto login feature for WiFi 
> >networks with captive portals. So would basically screw the UX they 
> >are used to.
> >
> >If you really need to display the portal information, you either 
> >should manipulate the accessibility of 
> >http://www.apple.com/library/test/success.html after the login was 
> >successful. Then you could redirect to the portal instead of the login 
> >page. Or you should place information of the portal onto the login page.
> >
> >My 2 cents,
> >Max
> >
> >On 25.08.2011, at 19:40, Geneviève Bastien wrote:
> >
> >>Thanks for the answer, but that is not the issue.  It is more Apple 
> >>products bypassing the portal page, the whole login process is all fine.
> >>
> >>I found this: 
> >>http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/  
> >>Which may suggest that we could bypass the auto-login feature from the 
> >>server side by answering the request with the expected output.  The user 
> >>will then have to open a browser page to see the actual login and portal 
> >>pages.
> >>
> >>Geneviève
> >>
> >>
> >>On 11-08-25 01:12 PM, acv wrote:
> >>>Marcos' comments below are not completely accurate, the ping was not a 
> >>>test itself,
> >>>in fact the gateway never bothered reading the response... The idea was 
> >>>to cause
> >>>the client to generate activity. Then activity (measured in bytes 
> >>>received from
> >>>client since last polling) was used.
> >>>
> >>>In src/firewall.c, fw_sync_with_authserver() implements the timeout 
> >>>logic, it includes
> >>>this tidbit:
> >>>
> >>>         /* Ping the client, if he responds it'll keep activity on the 
> >>>         link.
> >>>	* However, if the firewall blocks it, it will not help. The suggested
> >>>	* way to deal witht his is to keep the DHCP lease time extremely
> >>>	* short: Shorter than config->checkinterval * config->clienttimeout 
> >>>	*/
> >>>
> >>>ping was to be a BACKUP way of generating activity but using DHCP as 
> >>>suggested here is
> >>>much more reliable.
> >>>
> >>>Cheers,
> >>>
> >>>Alexandre
> >>>
> >>>On Thu, Aug 25, 2011 at 01:06:29PM -0300, Marcos Tadeu wrote:
> >>>>Date: Thu, 25 Aug 2011 13:06:29 -0300
> >>>>From: Marcos Tadeu<marcos at v2r.com.br>
> >>>>To:wifidog at listes.ilesansfil.org
> >>>>Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
> >>>>
> >>>>Can you ping the Apple products from wifidog captive portal machine,
> >>>>after login?
> >>>>If not, it is the problema: wifidog need to ping client to know that it
> >>>>is alive. If an firewall drop the ping, wifidog consider it dead. And...
> >>>>pouf.
> >>>>
> >>>>On 08/25/2011 12:38 PM, Geneviève Bastien wrote:
> >>>>>Hello all,
> >>>>>
> >>>>>We have a problem with the portal page and Apple products and their
> >>>>>auto-login feature.  Right now, when any iOs product and now Lion
> >>>>>connects to a wifidog router, they are shown the login page right
> >>>>>away, and the minute they have access to the internet (apple.com  
> >>>>><http://apple.com>
> >>>>>site), pouf! it's gone, so they never see the portal page.
> >>>>>
> >>>>>But the portal page is really important to us and this situation is
> >>>>>really annoying (40 to 50% of our users use Apple products!).
> >>>>>
> >>>>>Did anyone come up with a solution to this?  Or do you know any
> >>>>>captive portal solution that did?  Any ideas on the topic? (putting
> >>>>>apple.com  <http://apple.com>  in the walled garden is not a viable 
> >>>>>option)
> >>>>>
> >>>>>Thanks,
> >>>>>Geneviève
> >>>>>_______________________________________________
> >>>>>WiFiDog mailing list
> >>>>>WiFiDog at listes.ilesansfil.org
> >>>>>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >>>>_______________________________________________
> >>>>WiFiDog mailing list
> >>>>WiFiDog at listes.ilesansfil.org
> >>>>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >>>>
> >>>>
> >>>>_______________________________________________
> >>>>WiFiDog mailing list
> >>>>WiFiDog at listes.ilesansfil.org
> >>>>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >>
> >>_______________________________________________
> >>WiFiDog mailing list
> >>WiFiDog at listes.ilesansfil.org <mailto:WiFiDog at listes.ilesansfil.org>
> >>http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> >
> >
> >_______________________________________________
> >WiFiDog mailing list
> >WiFiDog at listes.ilesansfil.org
> >http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 

> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 195 octets
Desc: non disponible
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20110827/5e4ad451/attachment.pgp>

Plus d'informations sur la liste de diffusion WiFiDog