Configuration Guide Configuring Web Authentication
Same as the HTTP redirection technology of Ruijie First-Generation Web Authentication.
Working Principle
The networking topology of WeChat Web authentication is the same as shown in Figure 1-1.
Roles involved in WeChat Web authentication:
1. User: Is who sets up a Wi-Fi connection through WeChat to access the Internet.
2. In-shop AP: Is a fat AP or a fit AP.
3. Authentication server: Is a portal server or other authentication server like Marketing Cloud Platform (MCP), Wireless
Marketing Cloud (WMC), or a third-party server.
4. WeChat server: Is a WeChat background server.
Process of scanning quick response (QR) codes by WeChat for authentication:
1.
A user initiates an Wi-Fi connection request by scanning the QR code through WeChat.
2.
The WeChat App identifies the QR code and calls the WeChat server (through the GSM by the mobile phone.)
3.
The WeChat server checks the connection request based on the QR code policy.
4.
The WeChat server returns an SSID to the WeChat user for its connection.
5.
The WeChat user sends an connection request to the AP.
6.
After connecting to the AP, the WeChat user sends a blacklist request, with the requested address being
http://10.1.0.6/redirect. The request aims to inform the AP that the request is sent by a WeChat client.
7.
After receiving the blacklist request, the AP sends a 302 redirection request, in which the auth parameter carries the
MAC addresses of the mobile phone and AP in encryption mode.
8.
After receiving the auth parameters, the WeChat client sends the WeChat server a whitelist request carrying the auth
parameters for Wi-Fi connection authorization. Before that, the IP address of the WeChat server must be added to the
whitelist of the AP to enable the AP to permit the authentication request to pass before the authentication on the AP is
complete.
9.
The AP determines that the requested IP address is in the whitelist and permits the whitelist request to pass to the
WeChat server.
10.
The WeChat server sends an HTTP-based authorization request to the device vendor server. The request maps
interface 8. (Interface 13 must be called to set the device vendor server URL and token parameter in advance.)
11.
The device vendor server implements authorization according to the authorization request and returns an
authentication address and parameter (which maps the login parameter on interface 8).
12.
The WeChat server returns the authentication address and parameter to the WeChat client.
13.
The WeChat client requests the authentication address (by sending a login request).
14.
The AP or device vendor server implements Internet access authentication. The AP permits the MAC address of the
mobile phone to pass, and the device vendor server calls interface 7 to notify the WeChat server of successful Internet
access (see step 15 in Figure 1-5). The AP returns a 302 redirection packet carrying the res=success parameter to the
To Next Page
Loading...
