Working with external portals

In our previous section, we explained about how to manage login portals hosted on RansNet cloud server.

This section covers the scenario, where customer wants to host the login portal on their own public web server so that they can have more flexibility to update changes.

Just load attached file to a standard apache web server, make neccessary config on apache so that you can browse to http://<custom-url>/index.html

It is possible to customize the portal by adding any new contents or changing existing text, except we must take note below:

  • do not delete existing files
  • for index.html, do NOT change
    • the explicit <script> section in header
    • the <form> segment in body

After the customization is done, you should be able to access it with a standard browser, eg. http://<custom-url>/index.html. Once it looks as expected, configure the URL to your mbox hotspot configuration.

NOTE: the <custom-url> must be added to your "bypass-dst" list; and if you have embedded other URLs within your portal, as part of the customization, these URLs must be on the bypass-dst list too (they must be explicitly permitted before login.)

Attached are templates to customize below features:

  • Login with local RADIUS accounts (pre-created by administrator or operator)
  • Login with social media account: facebook and gmail

Customers can take the base template source code and customize to their own designs, then the final designed/customized template can be hosted on RansNet or on customer external web server. Please follow below instructions for customization.

Structure of the folder

1. mbox-config.php

1.1. it configures the template

1.1.1. Turn on/off traditional login

set $login_extern to true/false

1.1.2. Turn on/off secure encryption on traditional login (default on)

set $credential_encrypted to true/false

1.1.3. Turn on/off facebook login

set $login_facebook to true/false

if it is true, please include facebook id (define FACEBOOK_APPID) and token (define FACEBOOK_APPTOKEN)

1.1.4. Turn on/off gmail login

set $login_gmail to true/false

if it is true, please include gmail id (define GMAIL_APPID) and token (define GMAIL_APPTOKEN)

1.2. Default Values

1.2.1. By default, it is ON

1.2.2. Facebook ID: using Ransnet Facebook ID

1.2.3. GMail ID: using Ransnet GMail ID. However, due to gmail login limitation, have to be different ID for each customer

2. login.php

the landing page UI design.

2.1. Traditional Login

2.1.1. There must be two form items, namely, "username" and "password". Please don't remove or rename.

2.1.2. Must be form POST.

2.2. Facebook Login

The facebook link should be $loginurl_facebook

2.3. Gmail Login

The Gmail link should be $loginurl_gmail

2.4. Login Preference

if there is valid facebook session found, it will use facebook login automatically; otherwise, if there is valid gmail session, gmail login will be used automatically; otherwise, the login page will be shown.

3. failure.php

displayed when there is error to login into hotspot service. The text description is $reason.

NOTE: for configuration on mbox for social media integration, please refer to this link.


SAMPLE CONFIG ON HSG/HSA

---------------------------

security hotspot vlanxx hotspot-wan vlanyy client-dhcp 10.10.0.0 255.255.0.0 lease 900 client-dhcp-dns 8.8.8.8 8.8.4.4 client-local-access yes <---this is needed if portal server is on another VLAN of HSG (not needed for HSA) bypass-domain .ransnet.com bypass-dst external_portal_server_ip,others <--port server IP must be permitted hotspot-encryptiv 3132333435361111 <---must be the same on both server and HSG hotspot-encryptkey 64656d6f6b651111 <---must be the same on both server and HSG radius-server (local_or_external_radius) testing123 hotspot-portal external hotspot-portal http://(external_portal_server_ip)/cp-g-premium/login.php key demo <---portal key must match on both side hotspot-splash http://splash.ransnet.com/splash/ransnet.php <---this must be configured. make sure have dns rewrite config for splash.ransnet.com to point to local loopback or an HSG IP (if using HSA) start