Help

Captive Portal Issues

ChrisTech
Contributor

Posted on ‎04-13-2023 02:11 PM

I am having an issue that I think is somehow related to Safari and our proxy. We have had several reports of users traveling off-network and having issues with captive portals. The Captive Network Assistant.app window appears but it's blank and says: "The webpage couldn't be loaded". If I open Chrome or Firefox, and go to https://captive.apple.com then the Captive Portal appears and I can do whatever I need to access the WiFi SSID. If open Safari, I am unable to get to https://captive.apple.com. Has anyone run across this issue? I'm assuming the Captive Network Assistant is using Safari to try to show the Captive Portal... 

Reply
14 REPLIES 14

AJPinto
Honored Contributor III

Posted on ‎04-14-2023 07:32 AM

I would suggest opening a ticket with Apple. However Apple is going to tell you the issue is with the providers of the captive portals. In my experiences I have noticed Safari's website compatibility is fairly horrible among modern browsers. I do not restrict Safari but I do discourage its use.

0 Kudos
Reply

AdamGMain
New Contributor

Posted on ‎05-02-2023 01:30 PM

Are you running Ventura by chance? I am running into the same issue on Ventura. If I deploy a Jamf configuration for our Securly SmartPAC proxy, I can't access captive portals. However, if I set up the proxy and the ssl certificate manually, it works without issue. I noticed under the Mobile Device configuration, under the Global HTTPS Proxy settings, there is an option to  "Allow bypassing proxy to access captive networks" settings that you can check. I'm wondering with Ventura's switch to a mobile settings interface, if the Computer Configurations side of the proxy configuration in Jamf needs to update this switch somehow.

Reply

Jaykrishna1
Contributor II
In response to AdamGMain

Posted on ‎01-10-2024 02:50 AM

Will you help me with the  Jamf configuration for Securly SmartPAC proxy and specificaly Global HTTPS Proxy

0 Kudos
Reply

sudoErase
Contributor

Posted on ‎07-11-2023 08:15 AM

You should try using http://captive.apple.com instead of https

0 Kudos
Reply

DaneLG
New Contributor II

Posted on ‎10-25-2023 06:13 AM

I've had the same issue for a while now.  Hoping that someone has found a solution...

0 Kudos
Reply

Jaykrishna1
Contributor II

Posted on ‎11-13-2023 11:04 PM

I am also having the same issue and additionally, we are also coordinating with our DLP provider DG.

0 Kudos
Reply

zortmanc
New Contributor II

Posted on ‎04-05-2024 07:28 AM

I'm having the same issue with the securly smart pac via jamf deployment.  The checkbox that once existed in jamf (bypass proxy for captive portals no longer exists). Obviously if i removed the smart pac / captive portal launches without any issues.  Jamf and securly both just point the finger and we are stuck.

0 Kudos
Reply

whiteb
Contributor II
In response to zortmanc

Posted on ‎06-07-2024 01:45 PM

I don't think that option ever existed in the Jamf GUI for macOS. It does still exist for iOS/iPadOS.

We dealt with this issue as well. macOS does support the 'Allow Proxy Bypass for Captive Portal Logins' profile key, it's just the Jamf GUI is missing it for whatever reason.

I suggest getting iMazing Profile Editor and building your Securly config profile with that. It does have the option for macOS. This fixed the issue for us.

0 Kudos
Reply

Jaykrishna1
Contributor II
In response to whiteb

Posted on ‎07-04-2024 03:03 AM

Hi whiteb,

Can you share the same working configuration profile you configured and created?

0 Kudos
Reply

whiteb
Contributor II
In response to Jaykrishna1

Posted on ‎07-09-2024 06:50 PM

Our config profile is specific to us in the sense that it has our web filtering companies certificate + our SmartPAC URL in it. Therefore it's best if you download iMazing Profile Editor and build it to your organizations needs. https://imazing.com/profile-editor/download

The screenshot was just meant to show what is needed for captive portal pop-ups display as expected.

Reply

ChrisTech
Contributor

‎07-09-2024 04:26 PM - edited ‎07-09-2024 04:26 PM

@whiteb I created a config profile with the <key>ProxyCaptiveLoginAllowed</key> option but it didn't work. I opened a ticket with our filtering company... if I remove the proxy, I get the pop up windows. 

0 Kudos
Reply

whiteb
Contributor II
In response to ChrisTech

Posted on ‎07-09-2024 06:55 PM

Strange. We use Securly, not sure about you.

Screenshot 2024-07-09 at 6.51.19 PM.png

This is what our profile looks like when it's installed on a device. As far as I know captive portals are still working as expected. I know for sure the Starbucks captive portal wouldn't load until 'Fallback Allowed' (the key you mentioned I believe) was set to '1'.

Best of luck. Kind of an annoying issue to deal with. I don't think Securly was any help figuring it out for us, I kinda just had to try different things.

0 Kudos
Reply

ChrisTech
Contributor

Posted on ‎07-10-2024 07:04 AM

@whiteb I added that to my config profile just now.. I will test it, thanks. 

0 Kudos
Reply

ChrisTech
Contributor

Posted on ‎07-10-2024 12:56 PM

That did it. So for everyone else, i'll post my XML code for the config profile:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Proxies</key>
	<dict>
		<key>FallBackAllowed</key>
		<integer>1</integer>
		<key>ProxyAutoConfigEnable</key>
		<integer>1</integer>
		<key>ProxyAutoConfigURLString</key>
		<string>https://yourPACfileHere</string>
		<key>ProxyCaptiveLoginAllowed</key>
		<true/>
	</dict>
</dict>
</plist>

The preference domain is: com.apple.SystemConfiguration

Reply