User profile for user: htechno
htechno Author
User level: Level 1
4 points

Hotspot authentication without pop-up CNA

Hi there,

I have a hotspot wifi network on equipment Mikrotik

To redirect from https pages I loaded SSL certificate.

Then I noticed a strange feature for Apple devices:

User connects to a WiFi network for the first time. CNA window pops up. The user enters a username and password to authenticate to the network.

User leaves the network, authorization is broken

User connects to a WiFi network the second and subsequent times. CNA window doesn't pop up, but I see from the logs that the user authenticate.


I captured traffic. user equipment communicates with Mikrotik. It feels like CNA sends the username and password from the cache.

If I disable https authentication, CNA window pops up every time.


How to force CNA opens every time with SSL in hotspot service?


Regards,

Pavel

iPhone 5s, iOS 10.2.1

Posted on Feb 28, 2017 1:06 AM

Reply
1 reply
User profile for user: anonyme4321
anonyme4321
User level: Level 6
17,275 points

Feb 28, 2017 1:29 AM in response to htechno

Hi,


You need to block clients3.google.com

If you want to make captive portal without internet do a DNS record like .* = ROUTER_IP

The Apple requirements for Wi-Fi popup are :


1.DNS request for http://www.apple.com must not fail

2.HTTP request for http://www.apple.com/library/test/success.html with special user agent CaptiveNetworkSupport/1.0 wispr must not return Success.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Hotspot authentication without pop-up CNA

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up