FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff
Article Id 192385

Description
This article describes how to display a browser pop-up instead of a web page for user authentication when captive portal is enabled.

Related document.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/934626/captive-portals#Config_captive_po...

Solution
When configuring Captive Portal as an authentication method for the users, by default configuration, FortiGate will display an authentication web page in the browser like the following image:



 
 
To avoid the users to see the web page above but instead a browser pop-up like following:
 
 
 
 
HTTP-Basic-Auth has to be enabled on the user settings.
The 'Basic' HTTP authentication scheme is defined in RFC 7617, which transmits credentials as user ID/password pairs, encoded using base64.

HTTP basic authentication usually causes a browser to display a pop-up authentication window instead of displaying an authentication web page.
Some basic web browsers, for example, web browsers on mobile units, may only support HTTP basic authentication.

On the FortiGate config, the following parameter must be enabled:
# config  user setting
    set auth-ca-cert "Fortinet_CA_SSL" <----- Make sure to set a CA which needs to be trusted on the end users in order not to receive certificate warnings when user loads a 'HTTPS' web site and it is not authenticated yet.
    set auth-secure-http enable
    set auth-http-basic enable
end