Webauth
(→Customize) |
(→Introduction) |
||
Line 2: | Line 2: | ||
== Introduction == | == Introduction == | ||
"Web Auth" brings you below features: | "Web Auth" brings you below features: | ||
− | * "User & Pass Auth": correct username and password are required to access internet. | + | * "User & Pass Auth": correct username and password are required to access internet. You can use WFilter local accounts service or third party services(Email, LDAP, Radius) for authentication. |
* "Third Party Auth": interface for third party authentication. The authentication logic is done via a third party service. For example: | * "Third Party Auth": interface for third party authentication. The authentication logic is done via a third party service. For example: | ||
** Facebook Wi-Fi | ** Facebook Wi-Fi |
Revision as of 09:06, 23 July 2017
Contents |
1 Introduction
"Web Auth" brings you below features:
- "User & Pass Auth": correct username and password are required to access internet. You can use WFilter local accounts service or third party services(Email, LDAP, Radius) for authentication.
- "Third Party Auth": interface for third party authentication. The authentication logic is done via a third party service. For example:
- Facebook Wi-Fi
- WeChat Wi-Fi
Together with other modules, you can:
- Display usernames for client devices.(Real-time Bandwidth)
- Record internet activites by username.(Logs & Reports)
- Set access policy by username.(Access Policy)
- Query webauth login history.(Accounts)
2 User & Pass Auth
When enabled, clients in the target ip ranges will be required for username and password when browsing webpages.
Settings:
- IP Range: ip ranges to enable "User & Pass Auth".
- Auth Type
- "Local Auth": authenticate with username and password of local accounts. This user shall enable "Web" access in Local_Account.
- "Email Auth": send credentials to a pop/imap email server for authentication.
- "Ldap Auth": send credentials to a ldap server for authentication.
- "Radius Auth": send credentials to a remote radius server for authentication.
- Timeout: re-authentication is required on timeout.
3 Third Party Auth
- Landing page: default landing page after "facebook check in" or "wechat check in".
- Port: listening port of the authentication page.
- Edit Auth Page: edit content of the authentication page.
- Bound to a local user: bound the authenticated user to a local user. So you can set policy and get reports of the "third party authed users".
3.1 WeChat WiFi
"WeChat WiFi" is integrated by default. With this option, client devices can access internet by clicking "WeChat WiFi" in smartphone's browsers. You need to setup "WeChat Wifi" in your WeChat public account platform.
For more about WeChat Wifi, please check: https://wifi.weixin.qq.com/biz/mp/join-process.xhtml
3.2 Facebook Wi-Fi
Facebook Wi-Fi lets customers check in to participating businesses on Facebook for free Wi-Fi access. When people check in to your Page, you can share offers and other announcements with them.
You need to click "Register Facebook Page" to associate WFilter with your business facebook page.
When a smartphone is connected, visiting any webpage(http) will be redirected to the authenticate page.
For more about Facebook Wi-Fi, please check: https://www.facebook.com/help/126760650808045/
3.3 Customize
When enabled, clients in the target ip range will be redirected to the "Auth URL", you can do what you want in the "Auth URL", for example:
- Require the client to like a facebook page, or sharing a post.
- Display advertises.
- And others.
When authenticated, you need to redirect client to the "Verify URL". For details, please check WFilter Third Party Auth API
4 Exception
- MAC White List: mac addresses in this list do not require authentication.
- Domain Exception: domains in this list can be visited without authentication.