Hotspot without authentication ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2018 11:55 PM
Hello, I have a third party Onboarding server - FortiConnect.
This server presents a login web GUI, where after authentication the user is directed to another page where they can download an onboarding app.
What I want Zonedirector to do is as follows:
- user connects to Zonedirector SSID.
- FIRST REDIRECT: Zonedirector redirects user to Forticonnect (have done this successfully with a Hotspot service)
- user authenticates on the ForitiConnect website
- SECOND REDIRECT: user is redirected by FortiConnect to another FortiConnect Onboarding download website (this is where it fails for me. I think Zonedirector is expecting authentication details and will not allow another redirect until it receives them ?)
So, how can create a Zonedirector Hotspot service which redirects to FortiConnect and then allows further redirects. I do not want Zonedirector to authenticate at all.
The only reason I want the Hotspot feature is to allow auto redirect to FortiConnect. Forticonnect will then handle authentication and redirects etc. completely separate from ZoneDirector.
This server presents a login web GUI, where after authentication the user is directed to another page where they can download an onboarding app.
What I want Zonedirector to do is as follows:
- user connects to Zonedirector SSID.
- FIRST REDIRECT: Zonedirector redirects user to Forticonnect (have done this successfully with a Hotspot service)
- user authenticates on the ForitiConnect website
- SECOND REDIRECT: user is redirected by FortiConnect to another FortiConnect Onboarding download website (this is where it fails for me. I think Zonedirector is expecting authentication details and will not allow another redirect until it receives them ?)
So, how can create a Zonedirector Hotspot service which redirects to FortiConnect and then allows further redirects. I do not want Zonedirector to authenticate at all.
The only reason I want the Hotspot feature is to allow auto redirect to FortiConnect. Forticonnect will then handle authentication and redirects etc. completely separate from ZoneDirector.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2018 12:00 AM
Any URL you want the users to be able to access before beining fully auithenticated need to be added to a walled garden. So try putting the url's you want to redirect to in the walled garden and test this. The walled garden is provisioned on the ZD
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2018 01:31 PM
Thank you. I have added walled garden entries but access to the second URL still fails.
My walled garden entries now include:
1. mwaklconnect1.domain.forest
2. 10.21.250.153/32 (which is the IP of mwaklconnect1.domain.forest)
So, the initial redirect which works points to:
1.
https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/10.99.0.10
Then I also need a client to be able to access:
2. https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/preview/success
Zonedirector seems to be preventing this second URL from loading and instead just directs users back to the original URL in step 1.
Can anyone suggest how to allow the second URL to load ?
My walled garden entries now include:
1. mwaklconnect1.domain.forest
2. 10.21.250.153/32 (which is the IP of mwaklconnect1.domain.forest)
So, the initial redirect which works points to:
1.
https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/10.99.0.10
Then I also need a client to be able to access:
2. https://mwaklconnect1.domain.forest/portal/MW_Onboarding_portal/preview/success
Zonedirector seems to be preventing this second URL from loading and instead just directs users back to the original URL in step 1.
Can anyone suggest how to allow the second URL to load ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-28-2018 03:09 PM
The only way I can think with hotspot is to set a redirect on the hotspot for post successful login. But the only way this will work is if the forticlient server can send a RADIUS accept to the ZD because this is what the ZD is expecting in a hotspot authentication.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2018 02:59 PM
Thank you, but what about walled garden? I thought the whole purpose of walled garden was to allow access to multiple whitelisted URLs without the need for Zonedirector to receive any RADIUS accept messages ?

