Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nlegastelois
Explorer

customize http client authentication page

Hello,

 

We are using FW version 80.10 and we have the HTTP client authentication page that has been customized with logo and background, these image have been configured by using links to another web server due to the page size limitation.

We tried to upgrade our gateway to the 80.30 but after that we dicovered that the checkpoint internal web server was using the feature "content security policy" by adding a setting into the header and the browsers block the image when loading the page.

Do you know if know the page size is still limited and if I can host the image from the checkpoint itself and where ?

Is there a way to change the internal web server setting in order to allow external src of image ? and where are the config file ?

Thanks for your help, I am searching for a while about this.

Nico

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

What precise reason are you still using Client Auth?
We've deprecated this authentication method in R80.x and recommend using Identity Awareness, which does have its own Captive Portal.
0 Kudos
nlegastelois
Explorer

To be honest I don't know as the solution are in place for long time and I am trying to manage it now.

We are accessing to the URL http://fw:900  and we can enter our AD credential then it's linked to a radius with MFA. We are using this authentication for users that are connected to a global VPN and we have some part of our network with rules that need to identify the users.

I found that the deamon is in.ahclientd and the web pages are in $FWDIR/conf/ahclientd.

I don't know if it is really User authentication ?

Is it possible to replace by User awareness and how ?

 

Thanks

0 Kudos
nlegastelois
Explorer

Hello,

other question if the identity awareness is the solution, is there a way to personalize the web site directly by changing the php code ?

 

Thanks

0 Kudos
PhoneBoy
Admin
Admin

Identity Awareness is the solution, yes.
You might be able to customize the portal by hacking the underlying code, but I don't think we provide any instructions for that.
0 Kudos
nlegastelois
Explorer

Hi,

Sorry to refresh this topic but I am still looking for a way to customize the captive portal because the default possibilities are not sufficients.

Does someone already customized the portal by modifying the code ? Is that something that will follow the Checkpoit upgrades ?

Thank you for your help.

Nicolas

0 Kudos
PhoneBoy
Admin
Admin

The underlying code is in: /opt/CPUserCheckPortal/htdocs
I think it's safe to say any modifications to this will NOT survive an upgrade or maybe even a JHF.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events