Technical Tip: How to configure web page authentication instead of browser pop-up authentication
Description
This article explains how to display an authentication web page instead of a simple browser pop-up for user authentication.
It is assumed that user authentication has been enabled and that users are getting a browser pop-up to login instead of the web page for the captive portal.
It is assumed that user authentication has been enabled and that users are getting a browser pop-up to login instead of the web page for the captive portal.
Scope
FortiGate.
Solution
To show an authentication web page, it is necessary to configure the following parameter on the user settings:
config user setting
show full-configuration
set auth-type http https ftp telnet
set auth-cert "Fortinet_CA_SSLProxy"
set auth-ca-cert "Fortinet_CA_SSLProxy"
set auth-secure-http enable
set auth-http-basic enable <-----
set auth-multi-group enable
set auth-timeout 300
set auth-timeout-type idle-timeout
set radius-ses-timeout-act hard-timeout
set auth-blackout-time 0
set auth-invalid-max 5
set auth-lockout-threshold 3
set auth-lockout-duration 0
end
config user setting
set auth-http-basic disable <----- Default configuration.
end
show full-configuration
set auth-type http https ftp telnet
set auth-cert "Fortinet_CA_SSLProxy"
set auth-ca-cert "Fortinet_CA_SSLProxy"
set auth-secure-http enable
set auth-http-basic enable <-----
set auth-multi-group enable
set auth-timeout 300
set auth-timeout-type idle-timeout
set radius-ses-timeout-act hard-timeout
set auth-blackout-time 0
set auth-invalid-max 5
set auth-lockout-threshold 3
set auth-lockout-duration 0
end
config user setting
set auth-http-basic disable <----- Default configuration.
end
After that, the users will get the authentication web page:
Enable or disable support for HTTP basic authentication for identity-based firewall policies.
HTTP basic authentication usually causes a browser to display a pop-up authentication window instead of displaying an authentication web page. Some basic web browsers, for example, web browsers on mobile devices, may only support HTTP basic authentication.