Technical Note: Improve the Captive Portal experience for users with HTTPS home pages
Products
FortiNAC
Description
Improve the Captive Portal experience for users with HTTPS home pages
Solution
When an isolated device opens a browser whose home page redirects to HTTPS, the user is presented with an SSL error instead of the Captive Portal.

Most home pages are set to something like "www.google.com", and the web server is responsible for redirecting the browser to "https://www.google.com". This causes the error, since Network Sentry does not have a valid certificate for google.com or whatever HTTPS site is being hit.

An improvement can be made by allowing the browser to hit the Login Menu of the Captive Portal on HTTP before forcing HTTPS on the pages that require credentials.

The following steps improve the experience for isolated devices whose home pages are set to a site that redirects to HTTPS:

  1. SSH to the Application Server or Control Application Server

  2. vi /etc/httpd/conf.d/00_mod_macro.conf

  3. Change

        Use YAMS_RedirectToHTTPS $name

    To

        # Use YAMS_RedirectToHTTPS $name

  4. service httpd restart

  5. In the Network Sentry Admin UI, navigate to "System --> Portal Configuration"

  6. Expand the "Registration" branch

  7. Add the following JavaScript to the "Left Column Content" field of every page the customer is using that accepts user credentials (Standard User Login, Self Registration Login, Primary Guest Login, Secondary Guest Login, Game Device Registration and Custom Login):

    <script type="text/javascript">
         // Reload the same URL over HTTPS when the page was reached over plain HTTP.
         if (window.location.protocol !== "https:") {
             window.location.href = "https:" + window.location.href.substring(window.location.protocol.length);
         }
    </script>

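Keep in mind that this is not perfect: if someone specifically types in https before a URL they are browsing to, they may still get an SSL certificate error. Also note that, with the server-side redirect commented out, a credential page is moved to HTTPS only when the browser runs the JavaScript above.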
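
Steps 2 and 3 can be scripted so the edit is repeatable and reversible. The following is an added example, not code from the original note or from Fortinet; the function name `disable_https_redirect` and the `.bak` backup name are this example's own choices, and it assumes a shell with `sed -E` and `grep -E`.

```shell
#!/bin/sh
# Added example: comment out the active "Use YAMS_RedirectToHTTPS $name"
# line (steps 2-3) with a backup, without double-commenting on re-runs.
# Return codes: 0 = changed, 1 = nothing to change, 2 = error.

disable_https_redirect() {
    # Default path is the file named in step 2; pass another path to test.
    conf="${1:-/etc/httpd/conf.d/00_mod_macro.conf}"

    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Active (not yet commented) occurrences of the directive, any indentation.
    pattern='^[[:space:]]*Use[[:space:]]+YAMS_RedirectToHTTPS[[:space:]]+\$name'
    active=$(grep -cE "$pattern" "$conf" || true)

    if [ "$active" -eq 0 ]; then
        echo "no active directive in $conf; nothing changed"
        return 1
    fi

    # Backup name does not end in .conf, so an Include of conf.d/*.conf
    # would not load it (assumption about the server's include pattern).
    cp -p "$conf" "$conf.bak" || return 2

    # Write back through a redirect so the original file keeps its
    # owner and mode; only the matching lines gain a leading "# ".
    sed -E 's/^([[:space:]]*)(Use[[:space:]]+YAMS_RedirectToHTTPS[[:space:]]+\$name)/\1# \2/' \
        "$conf.bak" > "$conf" || return 2

    echo "commented out $active line(s); backup at $conf.bak"
    return 0
}

# Typical use on the server, followed by step 4:
#   disable_https_redirect && apachectl configtest && service httpd restart
# To revert: copy the .bak file back over the original and restart httpd.
```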
Last Modified Date: 09-28-2018 Document ID: FD42258