Prevent Captive Portal auto-close after authentication (Android)

zgc7009 · Jan 21, 2016 · Viewed 13.8k times

So the simple idea is that we have a RADIUS server set up to allow users to authenticate with our Ruckus controller via user credentials. On authentication the user should be redirected to a page that allows them to manage MAC authenticated devices.

On everything we have tested so far, including "older" Android devices, this seems to be no issue and things run as they should. However, with Lollipop (5.0+) versions of Android the captive portal has changed quite a bit, and part of that change is to automatically close the captive portal that launches when you join the network. Because we want them to be redirected to a MAC device management page after authentication so they can add the device they are currently logged in with and avoid having to log in again, this is bad.

What I have tried:

  1. Detecting if the browser is being launched in a mobile device and popping an alert in onbeforeunload that attempts to keep the browser open.

  2. Opening a new browser window, pointing to the redirection URL, when successful authentication is detected (essentially managing the redirect ourselves).

  3. Performing Option 2, and then Option 1 on the redirected URL.

What won't work:

  • Asking users to disable the captive portal option on their device. Not trying to point general users to advanced controls.

  • Creating an open network to access the MAC manager, it must be behind some authentication.

Solution For Now:

We are unhappy with this solution, but for now we are simply asking users to authenticate with the network and then open their browser and go to the basic login portal page (non-network authentication) that users use to manually add devices they can't connect with (like printers, gaming devices, etc.). Though this works, it is a pain for users to have to log in, open a browser, manually enter a URL, and log in again.

This isn't a problem that people haven't run into, see here, I just haven't been able to find a solution from anyone that has run into the problem. Certainly there is some way of utilizing JavaScript or something to keep the browser open in this situation. If not, anyone have any better ideas for managing things?

Answer

Johann Combrink · Jun 2, 2017

We have managed to keep the UAM Browser / captive portal browser open on Lollipop by adding firewall rules blocking:

  • clients3.google.com
  • clients1.google.com
  • android.clients.google.com
  • connectivitycheck.android.com
  • connectivitycheck.gstatic.com

Thus after the user is authenticated the UAM / Captive Browser stays open.

You can keep UAM open as long as you need; you can close it by invoking a reverse-proxied 204 redirect to Google's connectivity page.
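
The hold-then-release behaviour described in this answer, sketched as an added example that is not part of the original answer or any Ruckus configuration. The state names (`hold`, `released`) and action labels are assumptions, and answering the probe with a 204 directly stands in for the reverse-proxied 204 the answer mentions. The audit helper shows which probe hosts a firewall blocklist still lets through, since a single reachable probe host lets the device validate connectivity.

```python
# Added example: hypothetical per-client policy, not the answerer's firewall config.
# Hostnames are the ones listed in the answer above.
PROBE_HOSTS = frozenset({
    "clients3.google.com",
    "clients1.google.com",
    "android.clients.google.com",
    "connectivitycheck.android.com",
    "connectivitycheck.gstatic.com",
})


def normalize(host):
    """Lower-case a Host header value and drop any port and trailing dot."""
    return host.strip().lower().split(":")[0].rstrip(".")


def gateway_action(host, state):
    """Decide what the gateway does with one request from an authenticated client.

    state (assumed names): 'hold' = the portal window should stay open,
    'released' = the device management page is done and the window may close.
    """
    if state not in ("hold", "released"):
        raise ValueError(f"unknown state: {state!r}")
    if normalize(host) not in PROBE_HOSTS:
        return "allow"
    # Probe hosts are blocked while holding and answered with a 204 on release.
    return "block" if state == "hold" else "respond_204"


def unblocked_probe_hosts(blocklist):
    """Return the probe hosts missing from a firewall blocklist, sorted."""
    blocked = {normalize(h) for h in blocklist}
    return sorted(PROBE_HOSTS - blocked)


if __name__ == "__main__":
    # Constructed sample requests and a constructed, incomplete blocklist.
    for h in ("connectivitycheck.gstatic.com:80", "example.org"):
        print(h, gateway_action(h, "hold"), gateway_action(h, "released"))
    print(unblocked_probe_hosts(["clients3.google.com", "Clients1.Google.com."]))
```
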