Configuring Authentication Settings
- Shirly Tsang
- Gary Leicht
- Alex Mandel
- Sri Raghu
Infoblox Platform provides an access authentication service that you can use to authenticate users through a captive portal using third-party IdP (Identity Provider) federation and create security policies based on user groups. A captive portal is a web page that your end users access through a web browser when they are first connected, so they can be authenticated and granted access to Infoblox Service and resources. You must enable the DNS forwarding proxy (DFP) service to work with the access authentication service. When a DNS client initiates DNS traffic, the DNS forward proxy redirects the end users to the captive portal for authentication. For information about how to configure access authentication, see Setting Up Access Authentication.
Admins can modify the landing page of the captive portal by configuring the authentication settings. A logout page can be displayed by default instead of a redirect page when the feature is enabled by toggling the switch located to the right of the Captive Portal Domain field. By enabling the logout page, your users can verify they are logged out of their accounts. Users can also log into the system from the same page. You can use captive portals for your users by presenting a login page that contains the required access authentication. Â You can modify the HTML template on the Authentication Settings page to customize the look and feel of the captive portal.
Note
You can modify only the look and feel of the captive portal, you cannot modify the predefined elements and content in the portal.
To modify the captive portal settings, complete the following:
- Captive Portal Domain: Enter the domain for the captive portal. The default is captiveportal.infoblox.internal.
- User Session Configuration: Click the arrow key to expand this section and complete the following:
- Use Session TTL: Select this check box to specify the time interval during which the user session is valid. By default, when Infoblox DHCP is enabled, the user session interval will match the lease time. Otherwise, the time interval is set to eight hours.
- Session TTL: Choose the time interval for the user session. The default is eight hours.
- Default Redirect Target: Enter the redirect destination to which you want the system to redirect users after the user session expires. The default is https://www.infoblox.com/.
3. HTML: This panel contains the styling script for the default captive portal. It displays the CSS styles that you can modify to customize the look and feel of the captive portal elements. As you make changes to the CSS style, the changes are reflected in the Preview panel.
Note
You should place {{{ibAuthnScript}}} in the <head> tag, as follows:<head>    <link rel="shortcut icon" type="image/x-icon" href="/atlas/favicon.ico" />  {{{ibAuthnScript}}}   <style>   .   .   .   </style>   <title>Infoblox Captive Portal</title>  </head>
You should place {{{ibAuthnPannel}}} in the <body> tag, as follows:<body>  {{{ibAuthnPannel}}}  </body>
These tags contain HTML elements and javascript code for the default captive portal. You cannot make changes to the elements within these tags, but you can change the style of the elements.
For example, if you want to change the Log In button from blue to green, you can modify the following element in the HTML panel:
#ib-auth-submit  {    Â...background-color:green; }The captive portal will change accordingly, as follows:
     
                       Â
- Click Save to save your configuration or click Cancel to discard your changes.
The following table lists the HTML elements you can modify if you want to change the style of the captive portal:
| Element | Description | Usage |
|---|---|---|
#ib-authn-main-pannel | Defines the area that contains the authentication information. | You can change the background color and the shape of this area by modifying the values of the following:
|
#ib-authn-logo | Defines the logo you use inside the authentication area of the captive portal. | The captive portal contains the Infoblox logo by default. If you want to change the logo, you must first upload the new logo and then change the URL in the
|
#ib-authn-hl | Defines the horizontal line that separates the logo and the authentication text below the logo. | You can define the color and the width of the horizontal line by modifying the following elements. To remove the line, set width to 0%.
|
#ib-authn-main-content | Defines the margin or padding for the content area. | You can modify the top, left/right, and bottom margins of the content area respectively. Enter the value in this order: top, left/right, and bottom to modify paddings.
|
#ib-authn-message | Defines the font size of "Authentication Required" in the content area. | You can modify the alignment and font size of "Authentication Required" by modifying the following elements:
|
#ib-authn-error | Defines the error message when the authentication returns an error. | You can apply any CSS styles to define the colors and position of the error message. However, the error message is predefined by Infoblox and you cannot change the error message. |
#ib-authn-main-form | Defines the form used for your captive portal. | You can apply any CSS styles to define the colors and position of the form. However, the form is predefined by Infoblox and you cannot change the content of the form. |
#ib-authn-submit | Defines the style of the "Log In" button. | You can modify the following elements to change the style of the submit or "Log In" button:
|
#ib-authn-submit:hover | Defines the style of the "Log In" button when users hover the mouse over it. | You can modify the following to change the style of the submit or "Log in" button when users hover the mouse over it:
|
For more information about access authentication, see the following: