Integration tested on 
Uniti - 6.1.71 (Build: atag_6.1.71_15061)
UAP-AC-Lite - 5.43.35.12698

Configuration time: 20 minutes


1. Get Cloudi-Fi required URL and RADIUS secret

Go to your Cloudi-Fi administration interface and get the URL for external authentication

Go to Locations Menu

Go to Settings > Company Profile:

  • Copy your Cloudi-Fi Company Key

Go to the chat interface and ask for your Radius secret

  • Copy the secret as well

2. Basic captive portal setup

Go to Settings > Guest Control > Guest Policies

  • Enable Guest Portal : checked

  • Authentication : Hotspot

  • Default Expiration : 8 hours

  • Landing Page > Promotional URL : "https://login.cloudi-fi.net/success.php"

  • Redirection > Use Secure Portal - checked

  • Redirection > Redirect using hostname : "Hostname of your Ubiquiti Controller" ( a valid certificate has to be installed, if you don't have any certificate go to section 6 )

Portal Customization >

  • Override templates with custom changes : checked

Here is a screenshot of the described configuration

3. Add a new Radius Server Profile

Settings > Profiles > Radius > Create new radius profile

  • Name : Cloudi-FI Radius

  • IP Address, Port and Secret will be provided by Cloudi-FI Support team

  • Save

4. Assign Radius and set the white list

Go back to Settings > Guest Control > Hotspot

  • Disable All options except Radius

  • Radius : checked

Settings > Guest Control > Radius

  • Profile : Cloudifi-Radius

  • Authentication type : CHAP

Settings > Guest Control > Access Control

  • 178.33.251.41/32

  • login.cloudi-fi.net

5. Deploy customized portal pages

In order to trigger Cloudi-Fi portal a custom web page has to replace the default Ubiquiti Hotspot Portal page for each site where Cloudi-Fi is enabled.

Please take note of the "ch" attribute value from the Splash Page URL retrieved on the first step from Cloudi-Fi Administration Console.

Replace the "<SET YOUR COMPANY KEY HERE>" markup by the "ch" attribute value in the following code and save the code to "index.html" file.

Copy this file into
UniFi Cloud Key: /srv/unifi/data/sites/<site_name>/portal

Mac: /Applications/UniFi.app/Contents/Resources/data/sites/<site_name>/portal

Windows: <Drive_Letter>:\Users\<Username>\Ubiquiti UniFi\data\sites\<site_name>\portal

<script>
var splashurl = "https://login.cloudi-fi.net/auth/saml2/idp/SSOService.php?spentityid=spubiquitiredirect.com&ch=<SET YOUR COMPANY KEY HERE>&";
var Base64 = {
_keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
encode: function(e) {
var t = "";
var n, r, i, s, o, u, a;
var f = 0;
e = Base64._utf8_encode(e);
while (f < e.length) {
n = e.charCodeAt(f++);
r = e.charCodeAt(f++);
i = e.charCodeAt(f++);
s = n >> 2;
o = (n & 3) << 4 | r >> 4;
u = (r & 15) << 2 | i >> 6;
a = i & 63;
if (isNaN(r)) {
u = a = 64
} else if (isNaN(i)) {
a = 64
}
t = t + this._keyStr.charAt(s) + this._keyStr.charAt(o) +
this._keyStr.charAt(u) + this._keyStr.charAt(a)
}
return t
},
decode: function(e) {
var t = "";
var n, r, i;
var s, o, u, a;
var f = 0;
e = e.replace(/[^A-Za-z0-9\+\/\=]/g, "");
while (f < e.length) {
s = this._keyStr.indexOf(e.charAt(f++));
o = this._keyStr.indexOf(e.charAt(f++));
u = this._keyStr.indexOf(e.charAt(f++));
a = this._keyStr.indexOf(e.charAt(f++));
n = s << 2 | o >> 4;
r = (o & 15) << 4 | u >> 2;
i = (u & 3) << 6 | a;
t = t + String.fromCharCode(n);
if (u != 64) {
t = t + String.fromCharCode(r)
}
if (a != 64) {
t = t + String.fromCharCode(i)
}
}
t = Base64._utf8_decode(t);
return t
},
_utf8_encode: function(e) {
e = e.replace(/\r\n/g, "\n");
var t = "";
for (var n = 0; n < e.length; n++) {
var r = e.charCodeAt(n);
if (r < 128) {
t += String.fromCharCode(r)
} else if (r > 127 && r < 2048) {
t += String.fromCharCode(r >> 6 | 192);
t += String.fromCharCode(r & 63 | 128)
} else {
t += String.fromCharCode(r >> 12 | 224);
t += String.fromCharCode(r >> 6 & 63 | 128);
t += String.fromCharCode(r & 63 | 128)
}
}
return t
},
_utf8_decode: function(e) {
var t = "";
var n = 0;
var r = c1 = c2 = 0;
while (n < e.length) {
r = e.charCodeAt(n);
if (r < 128) {
t += String.fromCharCode(r);
n++
} else if (r > 191 && r < 224) {
c2 = e.charCodeAt(n + 1);
t += String.fromCharCode((r & 31) << 6 | c2 & 63);
n += 2
} else {
c2 = e.charCodeAt(n + 1);
c3 = e.charCodeAt(n + 2);
t += String.fromCharCode((r & 15) << 12 | (c2 & 63) <<
6 | c3 & 63);
n += 3
}
}
return t
}
}

function getQueryParams(parameterName) {
var result = null,
tmp = [];
var items = location.search.substr(1).split("&");
for (var index = 0; index < items.length; index++) {
tmp = items[index].split("=");
if (tmp[0] === parameterName) result = decodeURIComponent(tmp[1]);
}
return result;
}
</script>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Logging in</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body { font-family: Arial; sans-serif; font-size: 14px; text-align: center; padding-top: 40px; }
</style>
</head>
<body>
<div id="spinner"></div>
<script>

function dologin(params,next_url) {
var success_url = next_url ;
var failure_url = splashurl;
var http = new XMLHttpRequest();
http.open("POST", "login", true);
http.timeout = 60000;
http.responseType = 'json';
http.setRequestHeader("Content-type", "application/json");
http.onreadystatechange = function() {
if (http.readyState == 4 && http.status == 200) {
var res = http.response;
if (res && res["meta"]) {
if (res["meta"]["rc"] && res["meta"]["rc"] == "ok") {
window.location.replace(success_url);
} else {
if (res["meta"]["msg"]) {
window.location.replace(failure_url + '&Error=' + res["meta"]["msg"]);
} else {
window.location.replace(failure_url + '&Error=Ubiquiti+Unknown+Error');
}
}
} else {
window.location.replace(failure_url);
}
}
}
http.send(params);
setTimeout(function() {
window.location.replace(failure_url);
}, 62000);
}

var next_url = getQueryParams("next_url");
var params = getQueryParams("params");
dologin(Base64.decode(params),next_url);
</script>
</body>
</html>

6. (optional) Install a public certificate

Cloudi-Fi provides a Keystore which can be deployed directly on your Uniti server, just get in touch in our chat to get the Keystore.

If you want to generate and install your own certificate, have a look at the following guideline : https://help.cloudi-fi.net/en/articles/5193024-ubiquiti-install-a-custom-certificate

Did this answer your question?