External Captive portal device Auth with TPLink Cloud

2020-09-07 16:31:41
Model: OC200
Hardware Version: V4
Firmware Version: 1.7.0 Build 20200703 Rel.59609

Hi all

We have successfully written code to authenticate a device onto an OC200 controller using:

<controller_ip>/extportal/<site>/auth?token=xxxx

However we now have a client who has their controller hosted in the TPLink Cloud.

We can get a token successfully using:

https://wap.tplinkcloud.com with the JSON command "method": "login" etc.

But how do we then:

1) Communicate with the controller (getDeviceList returns empty, no error)

2) Authenticate a device with the controller

We cannot find documentation anywhere regarding this.

Much appreciated!

#1
7 Replies
Re:External Captive portal device Auth with TPLink Cloud
2020-09-08 02:15:29

Dear @sparki_uk,

Please check if the guide below helps.

The Requirements of Establishing an External Portal Server

Best Regards!
#2
Re:External Captive portal device Auth with TPLink Cloud
2020-09-08 08:16:20

Hi @Fae

No, this is for direct / local controllers. Notice it says http_port? That's not required on cloud.

Surely there is API documentation for the TPLink Cloud API.

#3
Re:External Captive portal device Auth with TPLink Cloud
2020-09-09 06:26:02 - last edited 2020-09-09 06:43:46

sparki_uk wrote

No this is for direct / local controllers.

When running Omada SDN Controller software natively in the cloud or on a public server, External Portal Server authentication uses the very same API as used for direct / local controllers. The only difference is that for the SW controller running natively in a cloud one needs to use the public IP address of the cloud instance to access the controller, while for direct/local controllers one needs to use the local IP address of the controller to access it.

There are not many people running Omada Controller (the software version) natively on a public server or in the cloud. I do so for some of my customers still using old EAPs which are not supported by newer controller versions.

Most users of OC200 or a local SW controller just bind their controller to the TP-Link cloud, which allows one to remotely access the controller's web UI (and only the web UI!) through a tunnel from anywhere on the Internet. You could even bind a SW controller running natively in the cloud with the TP-Link cloud, albeit this does not make much sense. But for External Portal Server authentication one still needs to access the local controller (an OC200 or a SW controller running on a local server) in this case, not the cloud. The cloud just provides a tunnel to connect to the local controller's web UI, it does not handle portal authentication nor EAP management.

TP-Link will soon offer a subscription-based cloud service where the new SDN controller software natively runs in the cloud, but AFAIK it has not been launched yet (at least not in my country).

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#4
Re:External Captive portal device Auth with TPLink Cloud
2020-09-11 14:35:42 - last edited 2020-09-11 14:37:42

Thanks all for your responses. We made progress but the documentation really isn't consistent.

@Fae we are SO CLOSE! We followed your advice and communicated directly with the controller (version 4.1.5).

We have authenticated the operator (not the device administrator account). NB: section 7 shows incorrect URL, it should be /api/v2/hotspot/login. The documented URL does not work. Doing this we get a token:

{
  "errorCode": 0,
  "msg": "Hotspot log in successfully.",
  "result": {
    "token": "7041fa79755f4452b37026233ce1cb76"
  }
}

Excellent! So we made the call (again the doc is WRONG. You cannot put extPortal/siteD/auth):

/api/v2/hotspot/extPortal/auth?token=7041fa79755f4452b37026233ce1cb76

(we put XX-XX to anonymise):

{
  "clientMac": "XX-XX-XX-9A-CB-6A",
  "apMac": "XX-XX-XX-5B-CD-BD",
  "ssidName": "Test-Guest",
  "site": "Default",
  "radioId": 0,
  "t": 1599830459,
  "time": 86400
}

However - when we then make the Auth call, we get GENERAL ERROR:

{
  "errorCode": -1,
  "msg": "General error."
}

If we modify the apMac, it gives a different error which we would expect:

{
  "errorCode": -1001,
  "msg": "Invalid request parameters."
}

What is the General error?

We tried with a token using the DEVICE admin (the login URL is actually different if you do that) account but same error when calling extPortal/auth.

Regards

Steve


#5
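An added example, not part of any post in this thread and not TP-Link code: a portal-side helper for the auth call described in post #5 that checks the fields locally before sending, keeps the token out of log lines (it travels in the query string), and separates a successful reply from an error reply. The function names are hypothetical, and the MAC and token patterns are assumptions inferred from the values quoted in the post, not from vendor documentation.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

AUTH_PATH = "/api/v2/hotspot/extPortal/auth"             # path quoted in post #5
MAC_RE = re.compile(r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}")   # assumed: hyphenated form as in the post
TOKEN_RE = re.compile(r"[0-9a-f]{32}")                   # assumed: shape of the quoted login token
# Constructed sample values, not taken from a real controller.
SAMPLE_TOKEN = "0123456789abcdef0123456789abcdef"
GENERAL_ERROR = '{"errorCode": -1, "msg": "General error."}'  # reply text as quoted in the post


class ControllerError(Exception):
    """A reply whose errorCode is not 0; carries the code and message."""
    def __init__(self, code, msg):
        super().__init__(f"{code}: {msg}")
        self.code, self.msg = code, msg


def build_auth_request(token, client_mac, ap_mac, ssid, site, radio_id, now, seconds):
    """Validate the fields locally, then return (url_path, json_body)."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not 32 lowercase hex characters")
    for field, mac in (("clientMac", client_mac), ("apMac", ap_mac)):
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"{field} is not an upper-case hyphenated MAC")
    if not (isinstance(seconds, int) and seconds > 0):
        raise ValueError("time must be a positive number of seconds")
    body = {"clientMac": client_mac, "apMac": ap_mac, "ssidName": ssid,
            "site": site, "radioId": radio_id, "t": int(now), "time": seconds}
    return f"{AUTH_PATH}?{urlencode({'token': token})}", json.dumps(body)


def redact(url_path):
    """Mask the token query value so the URL is safe to write to logs."""
    parts = urlsplit(url_path)
    query = [(k, "REDACTED" if k == "token" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def parse_reply(raw):
    """Return the 'result' object on errorCode 0, raise ControllerError otherwise."""
    reply = json.loads(raw)
    if reply.get("errorCode") != 0:
        raise ControllerError(reply.get("errorCode"), reply.get("msg", ""))
    return reply.get("result", {})
```

Log `redact(path)` rather than the raw path, and log `ControllerError.code` with the request so that a -1001 reply can be told apart from a -1 reply afterwards.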
Re:External Captive portal device Auth with TPLink Cloud
2020-09-20 04:05:21
Did you find a solution for this? We are facing the same exact problem.
#6
Re:External Captive portal device Auth with TPLink Cloud
2020-09-21 07:45:58

@kvnp10 Not yet. We escalated this with TP-Link a few days ago but have yet to hear back.

I will certainly post an update here whatever the outcome. Recommend you subscribe to this post to get notified.

#7
Re:External Captive portal device Auth with TPLink Cloud
2020-09-22 09:48:57

We got this working on our system, but only by going back a firmware version.

It also required us to roll back the EAP firmware versions too, otherwise you'll get the error "internet may not be available"

OC200

Download and unzip version V1.2.3 from https://www.tp-link.com/uk/support/download/oc200/#Firmware

Log into the OC200 locally (not via cloud) and choose UPGRADE in the firmware.

You will LOSE ALL SETTINGS and won't be able to restore from your backup file.

We had to set up the Fydelia captive portal settings again.

EAP225 V3

Download and unzip version V2.7.0 from https://www.tp-link.com/uk/support/download/eap225/v3/#Firmware

Upgrade the EAP from your downgraded OC200 (running V1.2.3)

External Captive Portal settings

We got it working with Fydelia. View the full install guide on their support page.

This post should remain open until TPLink resolve this issue with the latest OC200 controller firmware. We have an escalated ticket open with them with ticket number #542947

We will keep this post updated.

#8