Posted: Mon Mar 09, 2015 14:35 Post subject: Current CaptivePortal solutions and SAML
Hi there,
So I'm just in the process of setting up NoCatSplash, just to see an example of a working captive portal / hotspot on dd-wrt.
Once I have it working I will want to extend it ever so slightly: rather than having the current 3 fields posted back, I would like to have a SAML response posted back. I have the necessary code to evaluate the response to ensure that it's valid; this will then fit in nicely with our existing SAML SSO server. What would be the easiest way to do this? Modify NoCatSplash or start from a new application somehow?
I just want to do this as a prototype for now, so even if I'm just parsing the response and just getting the username from the XML that will be fine.
Posted: Mon Mar 09, 2015 15:02 Post subject: Update:
It's not suitable, after authenticating on another web server it simply does the postback that is being done with the default NoCatSplash, thus not really adding any security.
Quote from the code readme file,
"NoCatSplash doesn't support authentication out-of-box on DD-WRT implementations. NoCatSplash Auth allows you to add a layer of authentication. However NoCatSplash isn't designed for authentication meaning NoCatSplash Auth can be circumvented.
An intelligent user/hacker/leech could mimic the action caused by pressing the button with a webpage of their own..."
Posted: Mon Mar 09, 2015 15:53 Post subject: NoCatSplash modification
Okay, so I now know exactly where I need my code: that would be from line 130 in "router/nocat/src/open.c". Just an addition of checking an additional posted param of SAMLResponse, which would contain my SAML response, would be suitable.
I've just downloaded the source code of 2.28 GB though so now it's working out how to compile it for my router so that I can make changes...
I have a NetGear WDR3700v4 so if anyone knows anything about that, that would be helpful?
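The prototype step described in the posts above (read an extra posted `SAMLResponse` param and take the username from the XML), sketched as an added example; it is not NoCatSplash code and not from the thread. The function name, buffer sizes and sample body are assumptions, and because it does no signature validation a hand-built POST passes it just as the button press in the README quote can be mimicked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Hypothetical helper (not NoCatSplash code): copy the NameID text from the
 * SAMLResponse field of a form-encoded POST body into out. Returns 0 or -1.
 * No signature check is done, so the caller must treat out as untrusted. */
int saml_post_nameid(const char *body, char *out, size_t outlen) {
    static const char key[] = "SAMLResponse=";
    char xml[4096], *end;
    const char *p = body, *s, *q;
    size_t n = 0, len;
    unsigned acc = 0;
    int bits = 0, c;
    while (p && strncmp(p, key, sizeof key - 1) != 0)  /* field starts body or follows '&' */
        if ((p = strchr(p, '&')) != NULL) p++;
    if (!p) return -1;
    for (p += sizeof key - 1; *p && *p != '&'; p++) {
        c = (unsigned char)*p;
        if (c == '%') {                        /* undo percent-encoding */
            char hex[3] = { p[1], p[1] ? p[2] : '\0', '\0' };
            c = (int)strtol(hex, &end, 16);
            if (end != hex + 2) return -1;
            p += 2;
        }
        if (c == '=') break;                   /* padding ends the base64 data */
        if (c <= 0 || !(q = strchr(B64, c))) return -1;
        acc = (acc << 6) | (unsigned)(q - B64);
        if ((bits += 6) >= 8) {
            if (n + 1 >= sizeof xml) return -1;    /* response too large */
            bits -= 8;
            xml[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    xml[n] = '\0';
    if (!(s = strstr(xml, "NameID")) || !(s = strchr(s, '>'))) return -1;
    len = strcspn(++s, "<");                   /* text up to the closing tag */
    if (len == 0 || len >= outlen || s[len] != '<') return -1;
    snprintf(out, outlen, "%.*s", (int)len, s);
    return 0;
}

int main(void) {   /* constructed body: base64 of <NameID>alice</NameID> */
    char user[64];
    int rc = saml_post_nameid("a=1&SAMLResponse=PE5hbWVJRD5hbGljZTwvTmFtZUlEPg%3D%3D&b=2", user, sizeof user);
    if (rc == 0) printf("NameID: %s\n", user);
    return rc ? 1 : 0;
}
```

The existing validation code mentioned in the first post would have to run on the decoded XML before the extracted name is used to open the gateway.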