Captive Portal with Sign on API logic

This page describes the Sign-on API workflow: the logical flow between the Client, Meraki AP, Meraki Cloud, and the Captive Portal (Login/Success/Logout) pages.

Logic Flow

  1. Client connects to AP.
  2. AP redirects the client to splash server.
  3. Splash page displays content and includes additional parameters in the URL.
  4. Client interacts with the site (form, oAuth, SMS, etc.).
  5. Form submission sends username and password to Meraki in the post body.
  6. Meraki sends the user credentials to the configured RADIUS or Meraki Authentication server in the post body.
  7. Meraki grants the login and redirects the client to the success_url.
  8. The success_url is a route on the splash server that will store the logout_url parameter.
  9. The client is logged in and will see a final splash page which optionally presents a logout button using the supplied logout_url parameter.
  10. The user can optionally press a logout button using the logout_url to end their session. If a continue_url is provided in the query, it will send the client to this page.

HTTP Flow

Splash Page URL

This is the initial URL the client will be redirected to once associated with the network, which was set in the Custom Splash URL section in the Meraki Dashboard.

Sample URL

[GET]

https://splashserver/splash

Meraki automatically appends the additional parameters to be parsed by the client.

https://splashserver/splash?login_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogin%3Fmauth%3DMM1SZQlKjZsbExZ8sXIegKpUGaShrHlYgSYDAUdgiuxDuS4j46GE2lgPsWNdf6irbns5oO6HUIahXvgUtKoW7fAr4OuNypBHRjnJlRi2dEeqnE9s-YsURZog8i0pdzcApFaF0v3g6jTTOIrJMNSNiIFLOv67WLHXX4s3slfyo2ulZrhjqNQek2BJQgr17bTUXA4I3Rgfo6AEw%26continue_url%3Dhttp%253A%252F%252Fwww.ask.com%252F&continue_url=http%3A%2F%2Fwww.ask.com%2F&ap_mac=88%3A15%3A44%3A60%3A1c%3A1a&ap_name=mr53-ca&ap_tags=MR53+BLE+LivingRoom&client_mac=f4%3A5c%3A89%3A9b%3A17%3A67&client_ip=192.168.0.13

Parameters

| Name | Sample Data | Comments |
|---|---|---|
| login_url | https://n143.network-auth.com/splash…in?mauth=MMLPT… | The URL a client will use to authenticate which includes an mauth token. |
| continue_url | http://meraki.com | The URL the client was trying to access when their request was intercepted by the captive portal. |
| ap_name | AP01 | The Access Point’s name. |
| ap_mac | 00:18:0a:13:dd:b0 | Access Point’s physical network address. |
| ap_tags | MR53+BLE+LivingRoom | The Access Point’s tags. |
| client_ip | 10.162.50.40 | Client’s logical network address. |
| client_mac | ff:ff:96:d5:d5 | Client’s physical network address. |

Login URL

The login_url contains the path to which the login form must be posted. At a minimum, a username and password must be included in the POST body. In addition, a continue_url or a success_url can be included to redirect the client following a successful authentication.

If a continue_url is provided, the client will be redirected to that URL upon successful login. The continue_url is typically used to send the client back to the page they were trying to access. This can be achieved by setting the continue_url to the one passed to the initial splash page.

If a success_url is provided, the client will be redirected to that URL upon successful login, with a logout_url parameter appended. The success_url is typically used to send the client to a custom success page that can provide additional information or advertising. The success_url can also take advantage of the logout_url parameter to provide a logout button. If provided, the success_url takes precedence over the continue_url.

Sample URL

[POST]

https://n143.network-auth.com/splash/login?mauth=<dynamicTokenbyMeraki>

Parameters

| Name | Sample Data | Comments |
|---|---|---|
| username | testuser | User provided username |
| password | s0me$ecret! | User provided password |
| continue_url | https://meraki.com | The URL the client will be redirected to upon successful login. The logout_url will not be passed as a parameter to this page. |
| success_url | https://splashserver/excapSuccess | The URL the client will be redirected to upon successful login. This can be a page that takes advantage of the logout_url and also provide additional advertising or customer interactions. If provided, this takes precedence over the continue_url. |

Success URL

Once authenticated, the client will be redirected to the success_url as configured in the previous step. You have the opportunity to use the provided logout_url to create a logout button.

Sample URL

[GET]

https://splashserver/excapSuccess?logout_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogout%3Fkey%3DMMObdckbTbsqH-kZh58wC1rh66VdYkao1N17ZViB0vFZux8uMlO3E1nskAgZ-LbT3x5ef1pb6YKL8

Parameters

| Name | Sample Data | Comments |
|---|---|---|
| logout_url | https://n143.network-auth.com/splash/logout?key=DMMO | The URL a client will be redirected to for the logout operation which includes a key token. |

Logout URL

When a request is made to the logout_url, the client will be logged out. The URL can include a continue_url parameter which controls where the client will be redirected to after logout. This can be used to display a custom "logged out" page.

Note that if the Captive portal strength is set to Block all access until sign-on is complete, any domains which fall outside the walled garden will not be accessible until the client logs in again. You should therefore ensure that the resources needed to serve the logout_url are within the walled garden.

Sample URL

[GET]

https://n143.network-auth.com/splash/logout?key=DMMO...&continue_url=https%3A%2F%2Fsplashserver%2Floggedout

Parameters

The variables that can be sent with the logout_url.

| Name | Sample Data | Comments |
|---|---|---|
| continue_url | https://splashserver/loggedout | The URL a client will be redirected to once logged out. |
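
The parameter handling described in the Splash Page URL, Login URL and Logout URL sections, as an added JavaScript example (not Meraki's sample code). It validates login_url and logout_url before use; the function names, the network-auth.com host check (taken from the sample URLs on this page), the space-separated ap_tags, and the EXAMPLETOKEN value are assumptions made for illustration.

```javascript
// Added example, not Meraki's code. Assumptions: auth hosts are subdomains of
// network-auth.com (as in this page's sample URLs); ap_tags are space-separated.
const AUTH_SUFFIX = ".network-auth.com";
// Constructed sample splash URL; EXAMPLETOKEN stands in for the mauth value.
const SAMPLE_SPLASH = "https://splashserver/splash" +
  "?login_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogin%3Fmauth%3DEXAMPLETOKEN" +
  "&continue_url=http%3A%2F%2Fwww.ask.com%2F&ap_mac=88%3A15%3A44%3A60%3A1c%3A1a&ap_name=mr53-ca" +
  "&ap_tags=MR53+BLE+LivingRoom&client_mac=f4%3A5c%3A89%3A9b%3A17%3A67&client_ip=192.168.0.13";

// Accept only an https URL on the expected auth host and path; throw otherwise.
function checkAuthUrl(raw, path) {
  const u = new URL(raw);
  if (u.protocol !== "https:" || !u.hostname.endsWith(AUTH_SUFFIX) || u.pathname !== path) {
    throw new Error("unexpected auth URL: " + u.origin + u.pathname);
  }
  return u;
}

// Return raw if it parses as an http(s) URL, else null.
function httpUrlOrNull(raw) {
  try { return /^https?:$/.test(new URL(raw).protocol) ? raw : null; } catch { return null; }
}

// Parse and validate the parameters appended to the splash URL.
function parseSplashParams(splashUrl) {
  const q = new URL(splashUrl).searchParams;
  return {
    loginUrl: checkAuthUrl(q.get("login_url"), "/splash/login").href,
    continueUrl: httpUrlOrNull(q.get("continue_url")),
    apMac: q.get("ap_mac"), apName: q.get("ap_name"),
    apTags: (q.get("ap_tags") || "").split(" ").filter(Boolean),
    clientMac: q.get("client_mac"), clientIp: q.get("client_ip"),
  };
}

// Login form target and POST body; success_url is sent instead of continue_url when given.
function buildLoginPost(params, username, password, successUrl) {
  const fields = { username, password };
  if (successUrl) fields.success_url = successUrl;
  else if (params.continueUrl) fields.continue_url = params.continueUrl;
  return { method: "POST", action: params.loginUrl, fields };
}

// Logout link for the success page, optionally returning to a "logged out" page.
function buildLogoutLink(logoutUrl, continueUrl) {
  const u = checkAuthUrl(logoutUrl, "/splash/logout");
  if (continueUrl) u.searchParams.set("continue_url", continueUrl);
  return u.href;
}
```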

Code Samples

Here is a collection of sample code for various environments. This is a great starting point to begin working with the APIs. In most cases, you can clone the software to your development machine and be up and running in a short amount of time.

Note: The following samples are for reference only and should be implemented with professional oversight. User security and privacy are critical to Cisco Meraki. Please ensure that any installation is encrypted and manages user security as a core consideration.

HTML & JavaScript

NodeJS

Firebase

Node-RED

PHP