"
Apologies for the significant (2 year) delay. I've now found a similar project that requires this functionality. I've raised a second pull-request (https://github.com/opnsense/core/pull/2823) that incorporates the comments from the first. Hope this meets with your approval.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / Re: Captive portal API
February 24, 2016, 02:38:48 PM
I've now implemented this and created a PR here: https://github.com/opnsense/core/pull/792
#3
General Discussion / Re: Captive portal API
January 20, 2016, 03:06:58 PM
Thanks. I'd completely overlooked the development version. I've now installed it and the captive portal API is working as I expect.
I've written a API function that enables the 'masquerade'/dynamic logon that I mentioned. However, it doesn't seem like AccessController.php is the place for this - since it bypasses authentication when called via the portal Lighttpd 'proxy' functionality. Consequently, it would be possible to call my function directly and bypass the portal authentication.
Also, I can't see how session restrictions defined at the zone level are populated into sessions. The code in logonAction() clearly copies a timeout from the authentication server. However, I can't see how to populate the 'acc_session_timeout' session property.
Also, thanks for forking pfsense and putting so much effort into making it look nice and making it what it should have been!
I've written a API function that enables the 'masquerade'/dynamic logon that I mentioned. However, it doesn't seem like AccessController.php is the place for this - since it bypasses authentication when called via the portal Lighttpd 'proxy' functionality. Consequently, it would be possible to call my function directly and bypass the portal authentication.
Also, I can't see how session restrictions defined at the zone level are populated into sessions. The code in logonAction() clearly copies a timeout from the authentication server. However, I can't see how to populate the 'acc_session_timeout' session property.
Also, thanks for forking pfsense and putting so much effort into making it look nice and making it what it should have been!
#4
General Discussion / Captive portal API
January 19, 2016, 02:13:54 PM
I'm trying to use the API to interface with the captive portal. I can't decide if I'm doing something wrong, or if this functionality hasn't been implemented yet.
I log into the captive portal. In the GUI I can see that a session has been established. It displays the client's IP, MAC address etc. However, calling '/api/captiveportal/session/list' returns an empty array. Actually, calling any of the captive portal related API functions returns an empty result.
Am I doing something wrong or does this API functionality not exist yet?
On a related note, I'd like to be able to perform a 'masquerade' login - ie tell OPNsense via the API "This user is now logged in from this IP. Let them through". Essentially I'm trying to have OPNsense linked to Active Directory so that when you log into AD it allows you to the Internet. I had a quick look and can't see that this functionality already exists. Presumably other people might find it of use and you'd be interested in a pull request?
I log into the captive portal. In the GUI I can see that a session has been established. It displays the client's IP, MAC address etc. However, calling '/api/captiveportal/session/list' returns an empty array. Actually, calling any of the captive portal related API functions returns an empty result.
Am I doing something wrong or does this API functionality not exist yet?
On a related note, I'd like to be able to perform a 'masquerade' login - ie tell OPNsense via the API "This user is now logged in from this IP. Let them through". Essentially I'm trying to have OPNsense linked to Active Directory so that when you log into AD it allows you to the Internet. I had a quick look and can't see that this functionality already exists. Presumably other people might find it of use and you'd be interested in a pull request?
Pages1
