Customizing authentication pages
Customized authentication pages exist in the form of HTML files. You can compress them and then save them in the storage medium of the access device.
A set of authentication pages includes six main authentication pages and their page elements. The six main authentication pages are the logon page, the logon success page, the logon failure page, the online page, the system busy page, and the logoff success page. The page elements refer to the files that the authentication pages reference, for example, back.jpg for page Logon.htm. Each main authentication page can reference multiple page elements. If you define only some of the main authentication pages, the system will use the default authentication pages for the undefined ones.
For the local portal server to operate normally and steadily, follow the following rules when customizing authentication pages:
Rules on file names
The main authentication pages have predefined file names, which cannot be changed.
Table 12: Main authentication page file names
Main authentication page | File name |
---|---|
Logon page | logon.htm |
Logon success page | logonSuccess.htm |
Logon failure page | logonFail.htm |
Online page Pushed after the user gets online for online notification | online.htm |
System busy page Pushed when the system is busy or the user is in the logon process | busy.htm |
Logoff success page | logoffSuccess.htm |
NOTE: You can define the names of the files other than the main authentication page files. The file names and directory names are case-insensitive. | ||
Rules on page requests
The local portal server supports only Post and Get requests.
Get requests are used to get the static files in the authentication pages and allow no recursion. For example, if file Logon.htm includes contents that perform Get action on file ca.htm, file ca.htm cannot include any reference to file Logon.htm.
Post requests are used when users submit username and password pairs, log on the system, and log off the system.
Rules on Post request attributes
Observe the following requirements when editing a form of an authentication page:
An authentication page can have multiple forms, but there must be one and only one form whose action is logon.cgi. Otherwise, user information cannot be sent to the local portal server.
The username attribute is fixed as PtUser, and the password attribute is fixed as PtPwd.
Attribute PtButton is required to indicate the action that the user requests, which can be Logon or Logoff.
A logon Post request must contain PtUser, PtPwd, and PtButton attributes.
A logoff Post request must contain the PtButton attribute.
Authentication pages logon.htm and logonFail.htm must contain the logon Post request.
The following example shows part of the script in page logon.htm.
<form action=logon.cgi method = post > <p>User name:<input type="text" name = "PtUser" style="width:160px;height:22px" maxlength=64> <p>Password :<input type="password" name = "PtPwd" style="width:160px;height:22px" maxlength=32> <p><input type=SUBMIT value="Logon" name = "PtButton" style="width:60px;" onclick="form.action=form.action+location.search;> </form>
Authentication pages logonSuccess.htm and online.htm must contain the logoff Post request.
The following example shows part of the script in page online.htm.
<form action=logon.cgi method = post > <p><input type=SUBMIT value="Logoff" name="PtButton" style="width:60px;"> </form>
Rules on page file compression and saving
A set of authentication page files must be compressed into a standard zip file. The name of a zip file can contain only letters, numerals, and underscores. The zip file of the default authentication pages must be saved with name defaultfile.zip.
The set of authentication pages must be located in the root directory of the zip file.
Zip files can be transferred to the device through FTP or TFTP. The default authentication pages file must be saved in the root directory of the device, and other authentication files can be saved in the root directory or the portal directory under the root directory of the device.
Examples of zip files on the device:
<Sysname> dir Directory of flash:/portal/ 0 -rw- 1405 Feb 28 2011 15:53:31 ssid2.zip 1 -rw- 1405 Feb 28 2011 15:53:20 ssid1.zip 2 -rw- 1405 Feb 28 2011 15:53:39 ssid3.zip 3 -rw- 1405 Feb 28 2011 15:53:44 ssid4.zip 2540 KB total (1319 KB free)
Rules on file size and contents
For the system to push customized authentication pages smoothly, you need comply with the following size and content requirements on authentication pages.
The size of the zip file of each set of authentication pages, including the main authentication pages and the page elements, must be no more than 500 KB.
The size of a single page, including the main authentication page and its page elements, must be no more than 50 KB before being compressed.
Page elements can contain only static contents such as HTML, JS, CSS, and pictures.
Logging off a user who closes the logon success or online page
After a user passes authentication, the system pushes the logon success page named logonSuccess.htm. If the user initiates another authentication through the logon page, the system pushes the online page named online.htm. You can configure the device to forcibly log off the user when the user closes either of these two pages. To do so, add the following contents in logonSuccess.htm and online.htm:
Reference to JS file pt_private.js.
Function pt_unload(), which is used to trigger page unloading.
Function pt_submit(), the event handler function for Form.
Function pt_init(), which is for triggering page loading.
The following is a script example with the added contents highlighted in gray:
<html> <head> <script type="text/javascript" language="javascript" src="pt_private.js"></script> </head> <body onload="pt_init();" onbeforeunload="return pt_unload();"> ... ... <form action=logon.cgi method = post onsubmit="pt_submit()"> ... ... </body> </html>
Redirecting authenticated users to a specified Web page
To make the device automatically redirect authenticated users to a specified Web page, do the following in logon.htm and logonSuccess.htm:
In logon.htm, set the target attribute of Form to blank.
See the contents in gray:
<form method=post action=logon.cgi target="blank">
Add the function for page loading pt_init() to logonSucceess.htm.
See the contents in gray:
<html> <head> <title>LogonSuccessed</title> <script type="text/javascript" language="javascript" src="pt_private.js"></script> </head> <body onload="pt_init();" onbeforeunload="return pt_unload();"> ... ... </body> </html>
Hewlett Packard Enterprise recommends using Microsoft IE 6.0 or above on the authentication clients. Make sure the browser of an authentication client permits pop-ups or permits pop-ups from the access device. Otherwise, the user cannot log off by closing the logon success or online page and can only click Cancel to return back to the logon success or online page.
If a user refreshes the logon success or online page, or jumps to another website from either of the pages, the device also logs off the user.
Only Microsoft IE, Mozilla Firefox, and Apple Safari browsers support the device to log off the user when the user closes the logon success or online page. Google Chrome, Opera, and other browsers do not support this function.