Customizing authentication pages

Customized authentication pages exist in the form of HTML files. You can compress them and then save them in the storage medium of the access device.

A set of authentication pages includes six main authentication pages and their page elements.

The six main authentication pages are the logon page, the logon success page, the logon failure page, the online page, the system busy page, and the logoff success page.

The page elements refer to the files that the authentication pages reference, for example, back.jpg for page Logon.htm. Each main authentication page can reference multiple page elements. If you define only some of the main authentication pages, the system uses the default authentication pages for the undefined ones.

For the local portal server to operate normally and steadily, use the following rules when customizing authentication pages:

File name rules

The names of the main authentication page files cannot be changed. You can define the names of the files other than the main authentication page files. File names and directory names are case-insensitive.

Table 10: Main authentication page file names

Main authentication page	File name
Logon page	logon.htm
Logon success page	logonSuccess.htm
Logon failure page	logonFail.htm
Online page Pushed after the user gets online for online notification	online.htm
System busy page Pushed when the system is busy or the user is in the logon process	busy.htm
Logoff success page	logoffSuccess.htm

Page request rules

The local portal server supports only Get and Post requests.

Get requests—Used to get the static files in the authentication pages and allow no recursion. For example, if file Logon.htm includes contents that perform Get action on file ca.htm, file ca.htm cannot include any reference to file Logon.htm.
Post requests—Used when users submit username and password pairs, log on the system, and log off the system.

Post request attribute rules

Observe the following requirements when editing a form of an authentication page:

An authentication page can have multiple forms, but there must be one and only one form whose action is logon.cgi. Otherwise, user information cannot be sent to the local portal server.
The username attribute is fixed as PtUser. The password attribute is fixed as PtPwd.
Attribute PtButton is required to indicate the action that the user requests, either Logon or Logoff.
A logon Post request must contain PtUser, PtPwd, and PtButton attributes.
A logoff Post request must contain the PtButton attribute.

Authentication pages logon.htm and logonFail.htm must contain the logon Post request.

The following example shows part of the script in page logon.htm.

<form action=logon.cgi method = post >
<p>User name:<input type="text" name = "PtUser" style="width:160px;height:22px" maxlength=64>
<p>Password :<input type="password" name = "PtPwd" style="width:160px;height:22px" maxlength=32>
<p><input type=SUBMIT value="Logon" name = "PtButton" style="width:60px;" onclick="form.action=form.action+location.search;>
</form>

Authentication pages logonSuccess.htm and online.htm must contain the logoff Post request.

The following example shows part of the script in page online.htm.

<form action=logon.cgi method = post >
<p><input type=SUBMIT value="Logoff" name="PtButton" style="width:60px;">
</form>

Page file compression and saving rules

A set of authentication page files must be compressed into a standard zip file. The name of a zip file can contain only letters, numerals, and underscores. The zip file of the default authentication pages must be saved with name defaultfile.zip.
The set of authentication pages must be located in the root directory of the zip file.
Zip files can be transferred to the device through FTP or TFTP. The default authentication pages file must be saved in the root directory of the device, and other authentication files can be saved in the root directory or the portal directory under the root directory of the device.
Examples of zip files on the device:
```
<Sysname> dir
Directory of flash:/portal/
   0     -rw-      1405  Feb 28 2011 15:53:31   2.zip
   1     -rw-      1405  Feb 28 2011 15:53:20   1.zip
   2     -rw-      1405  Feb 28 2011 15:53:39   3.zip
   3     -rw-      1405  Feb 28 2011 15:53:44   4.zip
2540 KB total (1319 KB free)
```

File size and content rules

The following size and content requirements for authentication pages allows the system to push customized authentication pages smoothly:

The size of the zip file of each set of authentication pages, including the main authentication pages and the page elements, must be no more than 500 KB.
The size of a single page, including the main authentication page and its page elements, must be no more than 50 KB before being compressed.
Page elements can contain only static contents such as HTML, JS, CSS, and pictures.

Logging off a user who closes the logon success or online page

After a user passes authentication, the system pushes the logon success page named logonSuccess.htm. If the user initiates another authentication through the logon page, the system pushes the online page named online.htm. You can configure the device to forcibly log off the user when the user closes either of these two pages. To do so, add the following contents in logonSuccess.htm and online.htm:

Reference to JS file pt_private.js.

Function pt_unload(), which is used to trigger page unloading.

Function pt_submit(), the event handler function for Form.

Function pt_init(), which is for triggering page loading.

The following is a script example with the added contents highlighted in gray:

    <html>
    <head>
    <script type="text/javascript" language="javascript" src="pt_private.js"></script>
    </head>
    <body onload="pt_init();" onbeforeunload="return pt_unload();">
    ... ...
<form action=logon.cgi method = post onsubmit="pt_submit()">
    ... ...
    </body>
    </html>

If a user refreshes the logon success or online page, or jumps to another website from either of the pages, the device also logs off the user.

Only Microsoft IE, Mozilla Firefox, and Apple Safari browsers support the device to log off the user when the user closes the logon success or online page. Google Chrome, Opera, and other browsers do not support this function.

Make sure the browser of an authentication client permits pop-ups or permits pop-ups from the access device. Otherwise, the user cannot log off by closing the logon success or online page and can only click Cancel to return back to the logon success or online page.

Redirecting authenticated users to a specific webpage

To make the device automatically redirect authenticated users to a specific webpage, do the following in logon.htm and logonSuccess.htm:

In logon.htm, set the target attribute of Form to blank.

See the contents in gray:

    <form method=post action=logon.cgi target="blank">

Add the function for page loading pt_init() to logonSucceess.htm.

See the contents in gray:

    <html>
    <head>
    <title>LogonSuccessed</title>
    <script type="text/javascript" language="javascript" src="pt_private.js"></script>
    </head>
    <body onload="pt_init();" onbeforeunload="return pt_unload();">
    ... ...
    </body>
</html>

NOTE:

Hewlett Packard Enterprise recommends using Microsoft IE 6.0 or above on the authentication clients.

prev	up	next
Configuring the local portal server	home	Configuring the local portal server