External Captive portal device Auth with TPLink Cloud
Hi all
We have successfully written code to authenticate a device onto an OC200 controller using:
<controller_ip>/extportal/<site>/auth?token=xxxx
However we now have a client who has their controller hosted in the TPLink Cloud.
We can get a token successfully using:
https://wap.tplinkcloud.com with the JSON command "method": "login" etc.
But how do we then:
1) Communicate with the controller (getDeviceList returns empty, no error)
2) Authenticate a device with the controller
We cannot find documentation anywhere regarding this.
Much appreciated!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @Fae
No this is for direct / local controllers. Notice it says http_port? That's not required on cloud.
Surely there is API documentation for the TPLink Cloud API
- Copy Link
- Report Inappropriate Content
sparki_uk wrote
No this is for direct / local controllers.
When running Omada SDN Controller software natively in the cloud or on a public server, External Portal Server authentication uses the very same API as used for direct / local controllers. The only difference is that for the SW controller running natively in a cloud one needs to use the public IP address of the cloud instance to access the controller, while for direct/local controllers one needs to use the local IP address of the controller to access it.
There are not many people running Omada Controller (the software version) natively on a public server or in the cloud. I do so for some of my customers still using old EAPs which are not supported by newer controller versions.
Most users of OC200 or a local SW controller just bind their controller to the TP-Link cloud, which allows to remotely access the controller's web UI (and only the web UI!) through a tunnel from anywhere on the Internet. You could even bind a SW controller runing natively in the cloud with the TP-Link cloud, albeit this makes not much sense. But for External Portal Server authentication one still needs to access the local controller (an OC200 or a SW controller running on a local server) in this case, not the cloud. The cloud just provides a tunnel to connect to the local controller's web UI, it does not handle portal authentication nor EAP management.
TP-Link will soon offer a subscription-based cloud service where the new SDN controller software natively runs in the cloud, but AFAIK it has not been launched yet (at least not in my country).
- Copy Link
- Report Inappropriate Content
Thanks all for your responses. We made progress but the documentation really isn't consistent.
@Fae we are SO CLOSE! We followed your advice and communicated directly with the controller (version 4.1.5).
We have authenticated the operator (not the device administrator account). NB: section 7 shows incorrect URL, it should be /api/v2/hotspot/login. The documented URL does not work. Doing this we get a token:
{
"errorCode": 0,
"msg": "Hotspot log in successfully.",
"result": {
"token": "7041fa79755f4452b37026233ce1cb76"
}
}
Excellent! So we made the call (again the doc is WRONG. You cannot put extPortal/siteD/auth):
/api/v2/hotspot/extPortal/auth?token=7041fa79755f4452b37026233ce1cb76
(we put XX-XX to anonymise):
{
"clientMac":"XX-XX-XX-9A-CB-6A",
"apMac":"XX-XX-XX-5B-CD-BD",
"ssidName":"Test-Guest",
"site":"Default",
"radioId":0,
"t":1599830459,
"time":86400
}
However - when we then make the Auth call, we get GENERAL ERROR:
{
"errorCode": -1,
"msg": "General error."
}
If we modify the apMac, it gives a different error which we would expect:
{
"errorCode": -1001,
"msg": "Invalid request parameters."
}
What is the General error?
We tried with a token using the DEVICE admin (the login URL is actually different if you do that) account but same error when calling extPortal/auth.
Regards
Steve
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@kvnp10 Not yet. We escalated this with Tp-link a few days ago but have yet to hear back.
I will certainly post an update here whatever the outcome. Recommend you subscribe to this post to get notified.
- Copy Link
- Report Inappropriate Content
We got this working on our system, but only by going back a firmware version.
It also required us to roll back the EAP firmware versions too, otherwise you'll get the error "internet may not be available"
OC200
Download and unzip version V1.2.3 from https://www.tp-link.com/uk/support/download/oc200/#Firmware
Log into the OC200 locally (not via cloud) and choose UPGRADE in the firmware.
You will LOSE ALL SETTINGS and won't be able to restore from your backup file.
We had to set up the Fydelia captive portal settings again.
EAP225 V3
Download and unzip version V2.7.0 from https://www.tp-link.com/uk/support/download/eap225/v3/#Firmware
Upgrade the EAP from your downgraded OC200 (running V1.2.3)
External Captive Portal settings
We got it working with Fydelia. View the full install guide on their support page.
This post should remain open until TPLink resolve this issue with the latest OC200 controller firmware. We have an escalated ticket open with them with ticket number #542947
We will keep this post updated.
- Copy Link
- Report Inappropriate Content
@sparki_uk any updates i have the same problem.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2881
Replies: 8
Voters 0
No one has voted for it yet.