Most of Meraki's customers who need a splash page authentication system on their wireless networks use the customizable splash pages that are hosted by Meraki's cloud and configured in Meraki Dashboard.
However many companies build their own splash page page to run on their own servers, using Meraki's External Captive Portal API (EXCAP). This document describes how to get started with the API plus describes the interface between the captive portal server and the Meraki cloud in both click-through and sign-on cases.
Note: This feature is for advanced users and will require the ability to parse GET parameters in order to build a grant or login URL. Knowledge of only HTML is not sufficient, you will also be required to have server-side scripting enabled.
This section outlines the configuration in Dashboard necessary to direct new users to your web server hosting a custom splash page.
This section describes the process by which a user goes through a splash page, including how PHP can be used to provide a custom experience.
Assuming you have correctly added the web server's IP to the walled garden, the user will be viewing the splash page. Note the extra parameters appended to the URL. It is critical that your web server detects and makes use of these parameters, as they indicate how to grant access. You might choose to store these parameters in a session or otherwise save them for later use.
Note: If your browser enters an infinite redirect loop, check your walled garden settings and ensure the your web server's IP has been added to the walled garden.
GET['base_grant_url'] + "?continue_url=" + GET['user_continue_url']
Where the following parameters are extracted from the user’s original query or specified by you:
In order for the ?continue_url parameter to function, the "Where should users go after the splash page" option in Dashboard must be set to "The URL they were trying to fetch."
Depending on the device type, this option is available in the following locations:
In the case of the example above the assembled URL would be:
Note: Your URL may be different than the above example. It is dynamic and you should therefore never hard-code the grant URL.
GET['base_grant_url'] + "?continue_url=" + GET['user_continue_url'] + "&duration=3600" (to grant access for one hour).
For additional info, please reference our example Clickthrough Splash page code. The script is in its simplest form but it's a working script and can be readily uploaded to your host for testing or use.
Note: If your browser enters an infinite redirect loop, check your walled garden settings and ensure your web server's IP was added to the walled garden.
<html> <head> <title>Internet Access Login</title> </head> <body> <h2>Internet Access Login</h2> <form method=POST action="<? urldecode(GET['login_url']) ?>"> <input type="hidden" name="success_url" value="<? urldecode(GET['continue_url']) ?>" /> Username: <input type ="text" name="username" /> Password: <input type ="text" name="password" /> <input type="submit" value="Login" /> </form> </body> </html>
In the above example the code inside <? ?> is executed via the server-side. The login_url parameter is an opaque string used by the Meraki cloud for authentication and security. It is subject to change and should not be hard-coded.
If a device should be forced back through the splash, simply clear that device's splash authorization. The AP will then send the client through the splash page the next time it initiates an HTTP flow.