Apple CNA not working 200.2

  • 1
  • Question
  • Updated 1 year ago
  • Answered
  • (Edited)
Just updated an Unleashed network to 200.2. The guest network is no longer bringing up the authentication screen on Apple devices, users are forced to open a web browser which can cause confusion and unsatisfactory guest experience. I've tried checking if there is a bypass Apple CNA option like on ZD managed networks but I can't find anything.

Can anyone replicate this problem?
Photo of MLG

MLG

  • 75 Posts
  • 27 Reply Likes

Posted 1 year ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
The purpose of Apple CNA is to prevent the pre-browser "thingy" of Apples, that does not trigger WebAuth authentication correctly.
Photo of MLG

MLG

  • 75 Posts
  • 27 Reply Likes
I did some digging myself. According to 200.2 Release Notes Known Issues:

"The pre-launch browser is not appearing when the Bypass Apple CNA feature is disabled for WISPr and Guest Access authentication. This means that users will have to launch a Safari browser window to be able to complete guest authentication. [UN-444]"

Michael Brado, any idea when this known bug is going to be fixed? This has quite an impact on the guest user experience. 
Photo of MLG

MLG

  • 75 Posts
  • 27 Reply Likes
Right...which I don't want to "prevent". Tpically there is an option to bypass Apple cna or not, but I don't see the option to enable/disable. In 200.1 when I connected to guest network, it promptly brought up authentication page without having to launch safari, which is my intended behavior.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
Sorry I didn't recall that Release Note caveat.

Please open a ticket with our Tech Support, and cite the UN-444 bug and your business impact,
so the Priority gets raised.  That is the best way to get visibility into the developers, to get a 200.2
refresh/patch build asap.  Thank you.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
Hello,

   I've followed the UN-444 "bug" to learn it's related to ZD 9.13 new "feature" to allow HTTPS
URLs for Guest Access redirection.  For Guest WLAN the client HTTP request gets translated
to HTTPS by ZD/Master AP, and won't trigger Apple pre-launch browser.  Users need to open
Safari to finish guest authentication.  This is a limitation for ZD 9.13 and Unleashed 200.2 today,
that DevEng are researching for a possible fix, hopefully by the next release.

  It would still be helpful if you open a ticket, that can be linked to the bug for visibility, that helps
drive priorities.
Photo of MLG

MLG

  • 75 Posts
  • 27 Reply Likes
I submitted a ticket and its status has been updated to "defect". Hopefully this gets resolved soon. 
Photo of maverickmsp

maverickmsp

  • 2 Posts
  • 0 Reply Likes
Agreed. This needs remediation or the option of bypassing it altogether like on the ZDs.