I have been trying to set up a captive portal for an IP range using McAfee Web Gateway 126.96.36.199.0. We require it to be IP based so that it supports non-browser applications, such as iPhone/iPad applications. We want it to be a webpage for user authentication, as that provides a better user experience and doesn't rely on the device supporting particular methods. The hope is that devices that recognise Captive Portals will be able to prompt the user as part of the wireless connection process.
My theory is that because the NTLM authentication happens as part of the same session (via response 407), it is still part of the same cycle and redirects back to the authentication server to save the user information before redirecting to the originally requested webpage. When using a webpage (via response 302) to authenticate, it breaks out of the cycle and can't redirect back through the authentication server properly.
Has anyone successfully made a Captive Portal in MWG that uses a web-page to collect the user credentials? I have thought that perhaps the coaching system may also do what I want, but I have not looked into that as yet.
Note that the MWG environment is a cluster of 6 servers at the moment, and will soon be 10. This makes using PDStorage a less attractive option due to the time it takes to sync the PDStorage values across the cluster.
Any thoughts or suggestions would be greatly appreciated. I have attached an export of the rule set for anyone who is interested in taking a look.