HTTP is a transport protocol used to transport World Wide Web (WWW) data.
HTTPS is a secure HTTP and also known as HyperText Transfer Protocol over Transport Layer Security (HTTP over TLS) or HyperText Transfer Protocol over Secure Socket Layer (HTTP over SSL). HTTPS uses HTTP for communication and SSL/TLS for data encryption.
HTTPS is primarily used for identity authentication to protect data privacy and integrity.
During Portal authentication, the Portal server instructs the client to use the HTTP or HTTPS protocol to initiate a Portal authentication request to an access device. The client then sends an authentication request to the access device. The request packet carries the HTTP request method and HTTP request body (the requested data includes the user name, password, and other parameters).
Currently, the device supports the following HTTP request methods:
POST: The requested data is stored in the body of an HTTP request packet and is not a part of a URL. Therefore, the data is not easy to intercept and has high security. The device supports this request method by default.
GET: The requested data is appended to a URL and separated from the URL by a question mark (?). The data is a part of the URL, so it is visible to all users, is easy to intercept, and has poor security.
After receiving an authentication request packet, the access device parses the request packet to obtain parameters including the user name and password. The access device then sends the obtained user name and password to the RADIUS server for authentication. The parameter names in a request packet must comply with specific specifications. Otherwise, the device cannot parse the request packet, leading to user authentication failures. Table 1 lists the parameters in a request packet. For example, after receiving a POST request packet (username=abc&password=abc&client_mac=112233445566&initurl=http://portalserver.example.com/login), the device using default parameter names fails to parse the packet. This is because the client_mac parameter specifying the user MAC address in the packet is different from the default macaddress parameter used on the device.
Therefore, when HTTP or HTTPS is used for Portal authentication, ensure that the parameter names configured on the Portal server are the same as those configured on the device.