AltostratusHi Guys,
I was wondering if its possible to have the following setup?
Customer connects to wifi > traffic is directed to the load balancer where it will redirect the customer to a external captive portal > they will then register for access or if they have an account they would just login.
Once they have logged in they will be authenticated and able to connect to the internet.
Is this possible?
Would this be an Irule?
When using APM, you'll probably don't need any iRules. See below an example with SWG:
https://clouddocs.f5.com/training/community/iam/html/class3/module6/module6.html
I think you should be able to do something with APM and an external captive portal, by using SAML. In this scenario the captive portal will be configured as the IDP.
And if you're handy with iRules, I guess you could come up with a working setup also. Probably you'll have to do something with cookies and/or tables.
AltostratusHi Niels,
Thank you for your input, so just to confirm this would need APM.
This wouldn't work with just a LTM module?
AltostratusI am not sure if I worded the beginning statement correctly,
When a guest connects to the Wifi they will be redirected to an external hosted captive portal which will authenticate the user using Radius so once they have created their account or logged in, they will then have full access to the internet on their mobile's or portable devices.
If they do not login or create an account they would not be able to browse the internet.
I have looked into APM captive portal but that doesn't seem like it would process the above request?
Yes, the example from clouddocs is just a captive portal on the BIG-IP itself. If you want to redirect authentication to an external hosted captive portal you might be able to use SAML. if the external hosted captive portal supports it. When it comes to iRules you can build about anything you can imagine. But you'll need the skills to build it yourself.
EmployeeIf you chose not to use APM directly for captive portal functions, and SAML is not possible, how would the BIG-IP determine that a customer is "authenticated"? How you approach this will depend largely on that.
