Posted on 04-13-2023 02:11 PM
I am having an issue that I think is somehow related to Safari and our proxy. We have had several reports of users traveling off-network and having issues with captive portals. The Captive Network Assistant.app window appears but it's blank and says: "The webpage couldn't be loaded". If I open Chrome or Firefox, and go to https://captive.apple.com then the Captive Portal appears and I can do whatever I need to access the WiFi SSID. If open Safari, I am unable to get to https://captive.apple.com. Has anyone run across this issue? I'm assuming the Captive Network Assistant is using Safari to try to show the Captive Portal...
Posted on 04-14-2023 07:32 AM
I would suggest opening a ticket with Apple. However Apple is going to tell you the issue is with the providers of the captive portals. In my experiences I have noticed Safari's website compatibility is fairly horrible among modern browsers. I do not restrict Safari but I do discourage its use.
Posted on 05-02-2023 01:30 PM
Are you running Ventura by chance? I am running into the same issue on Ventura. If I deploy a Jamf configuration for our Securly SmartPAC proxy, I can't access captive portals. However, if I set up the proxy and the ssl certificate manually, it works without issue. I noticed under the Mobile Device configuration, under the Global HTTPS Proxy settings, there is an option to "Allow bypassing proxy to access captive networks" settings that you can check. I'm wondering with Ventura's switch to a mobile settings interface, if the Computer Configurations side of the proxy configuration in Jamf needs to update this switch somehow.
Posted on 01-10-2024 02:50 AM
Will you help me with the Jamf configuration for Securly SmartPAC proxy and specificaly Global HTTPS Proxy
Posted on 07-11-2023 08:15 AM
You should try using http://captive.apple.com instead of https
Posted on 10-25-2023 06:13 AM
I've had the same issue for a while now. Hoping that someone has found a solution...
Posted on 11-13-2023 11:04 PM
I am also having the same issue and additionally, we are also coordinating with our DLP provider DG.
Posted on 04-05-2024 07:28 AM
I'm having the same issue with the securly smart pac via jamf deployment. The checkbox that once existed in jamf (bypass proxy for captive portals no longer exists). Obviously if i removed the smart pac / captive portal launches without any issues. Jamf and securly both just point the finger and we are stuck.
Posted on 06-07-2024 01:45 PM
I don't think that option ever existed in the Jamf GUI for macOS. It does still exist for iOS/iPadOS.
We dealt with this issue as well. macOS does support the 'Allow Proxy Bypass for Captive Portal Logins' profile key, it's just the Jamf GUI is missing it for whatever reason.
I suggest getting iMazing Profile Editor and building your Securly config profile with that. It does have the option for macOS. This fixed the issue for us.
Posted on 07-04-2024 03:03 AM
Hi whiteb,
Can you share the same working configuration profile you configured and created?
Posted on 07-09-2024 06:50 PM
Our config profile is specific to us in the sense that it has our web filtering companies certificate + our SmartPAC URL in it. Therefore it's best if you download iMazing Profile Editor and build it to your organizations needs. https://imazing.com/profile-editor/download
The screenshot was just meant to show what is needed for captive portal pop-ups display as expected.
07-09-2024 04:26 PM - edited 07-09-2024 04:26 PM
@whiteb I created a config profile with the <key>ProxyCaptiveLoginAllowed</key> option but it didn't work. I opened a ticket with our filtering company... if I remove the proxy, I get the pop up windows.
Posted on 07-09-2024 06:55 PM
Strange. We use Securly, not sure about you.
This is what our profile looks like when it's installed on a device. As far as I know captive portals are still working as expected. I know for sure the Starbucks captive portal wouldn't load until 'Fallback Allowed' (the key you mentioned I believe) was set to '1'.
Best of luck. Kind of an annoying issue to deal with. I don't think Securly was any help figuring it out for us, I kinda just had to try different things.
Posted on 07-10-2024 07:04 AM
@whiteb I added that to my config profile just now.. I will test it, thanks.
Posted on 07-10-2024 12:56 PM
That did it. So for everyone else, i'll post my XML code for the config profile:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Proxies</key>
<dict>
<key>FallBackAllowed</key>
<integer>1</integer>
<key>ProxyAutoConfigEnable</key>
<integer>1</integer>
<key>ProxyAutoConfigURLString</key>
<string>https://yourPACfileHere</string>
<key>ProxyCaptiveLoginAllowed</key>
<true/>
</dict>
</dict>
</plist>
The preference domain is: com.apple.SystemConfiguration
3 weeks ago
Are you applying this at the user level or computer level? Securly now has info about this on their support site but says it must be applied at the user level. Unfortunately many of our users are not "mdm enabled" users so that won't work for us.