Shared Credentials
The shared credentials view of the identities menu displays scaffolds that allow the operator to configure the shared credential access features of the rXg.
There are many situations when an operator wishes to allow access to a network without requiring each end-user to supply unique credentials. For example, the operator may wish to provide a "free access" service at certain locations for marketing purposes. Many rural WISPs and telcos are able to obtain subsidies from local governments for provided limited or advertising supported free access.
Another common use case for this capability is a "shared password" scenario. For example, if a hotel wishes to allow several end-users who have booked a conference room to use a single, shared password, to gain access. Conference centers also use this functionality to provide groups who purchase Internet access as an additional feature of booth space.
The rXg enables the operator to provide such services while applying the rich functionality of the rXg to each individual end-user. shared credential groups are linked to policies in the same manner as the all of the other group objects in the rXg. The user experience of end-users whe are members of shared credential groups may be controlled by the broad spectrum of capabilities that the rXg offers.
The "free access" service may utilize the interstitial redirects and HTML injection mechanisms to generate revenue from advertising. Similarly, per-device bandwidth queues may be configured to restrict the utilization of of end-users of a "free access" or "shared password" group to an acceptable rate and priority given the amount of revenue generated (or lack thereof).
The rXg also has an integrated end-user survey mechanism. This mechanism allows the operator to quickly and easily build a survey for end-users to fill out before they are allowed to gain access. It is possible to use this mechanism with any of the login methods, but it is most often used with the "free access" paradigm to capture marketing data. The results of the survey are collated in the surveys view of the archives menu.
The easiest way to integrate survey questions into a login form is to render the survey_question_fields
partial with the following Ruby code:
<%= render :partial => 'survey_questions_fields' %>
It is also very easy to manually generate the survey questions. To require responses for some of all survey questions, simply add the appropriate data format checks to Javascript.
Shared Credential Groups
The shared credential groups scaffold configures the rXg "free access" and "shared password access" captive portal credential mechanisms.
The name field is an arbitrary string descriptor used only for administrative identification. Choose a name that reflects the purpose of the record. This field has no bearing on the configuration or settings determined by this scaffold.
The priority field determines the effective group when an end-user or device is a member of more than one group.
The credential field configures the shared password that will be supplied by end-users to the captive portal in order to gain membership into this shared credential group. In order to configure a "free access" group, the credential that is configured here should be passed as an HTML hidden input field in the login form.
The policy field associates this group object with a policy object. The policy object relates the group to objects that specify the configuration of the control and communication features of the rXg that determine the end-user experience.
The note field is a place for the administrator to enter a comment. This field is purely informational and has no bearing on the configuration settings.
The time , download quota and upload quota fields configure the maximum amount of usage that an end-user may consume before membership to a shared credential group is canceled and the intersession (if specified) takes effect. The usage fields are enforced on a per-device basis and logical disjunction between all three fields is used to determine if usage has been exhausted.
The state field allows the operator to enable or disable logins for the credential.
The effective and expires fields configure the window of time this credential is valid. Logins are permitted during the window.
The days fields restrict the credential to particular days of the week. Logins are permitted on days that are checked.
The recurring option allows the effective and expires times to be adjusted on a recurring interval basis. When recurring is enabled by a setting other than "none", after the expires time has past, the effective time will be adjusted based on the recurring setting. For example, a recurring of "daily" will cause the effective time to be bumped up to the same time of the following day. Recurring behavior stops after the recurring end time (if configured).
The splash portals fields define which captive portals this credential may be logged in from. Use these fields to limit the availability of certain shared credentials to specific portals which in turn are displayed based on geographic location, network subnet, the expected class of end-users, etc.
The simultaneous sessions field specifies the maximum number of sessions that may exist at any given time for the shared credential group being created. Choosing unlimited disables this restriction and allows an unlimited number of simultaneous sessions to be created as a result of an end-user passing the matching credential. Specifying a number enables this feature and restricts the number of simultaneous sessions to the number specified. This feature is useful in a enterprise or hospitality guest access setting where Internet is purchased for a group with a size that is known ahead of time.
The intersession field specifies the amount of time that an end-user must wait they can login again. This field is used to enforce a policy such as one that only allows one hour of free access per day. The intersession takes effect based on the time shared credential group login. If an end-user has a 24 hour intersession logs in at 9:00 AM, then they will be able to login again at 9:00 AM the next day.
If the automatic login box is checked, the rXg will attempt to automatically login a returning end-user after the first successful authentication, assuming the user has the same MAC address and/or browser cookie. Credential, access and session restrictions are still enforced on subsequent automatic login attempts.
Survey Questions
The survey questions scaffold enables the operator to easily build a form that collects data before allowing an end-user to login.
The position field determines the order the questions appear in the form. A question with a lower position number is displayed before a question with a higher position number. If a record is updated or created and its position conflicts with another record, the conflicting record and all records with a higher position are incremented by one.
The question field specifies the question that will appear in the form.
The question type drop-down specifies what type of input will be used in the survey form. Radio Group s, Select Menu s, and Number Field s will utilize associated Survey Question Options in order to build the appropriate form elements.
The required checkbox determines whether user input will be required for this survey question. If required is enabled, the input will use the HTML5 'required' attribute to validate input, which may not be enforced by all browsers.
When creating a Radio Group or Select Menu , Survey Question Options should be specified to provide the user a list of options to choose from. The Display Text field will be shown in the drop-down menu or next to the radio button as a label, and the value field will be stored in the database as the Survey Answer.
When creating a Number Field , Survey Question Options may be used to specify options that will be provided to the number field input. The option's display name should be one of the following:
- min
- max
- in
- within
- step
The value should be the desired limit for the option.
The note field is a place for the administrator to enter a comment. This field is purely informational and has no bearing on the configuration settings.