spotngo administrati on - aradial administrati spotngo payment module version 7.0 administrator...
TRANSCRIPT
SPOTNGO ADMINISTRATION
Spotngo Payment Module version 70
Administrator Guide
i
S P O T N G O
Administrator Guide
copy2014 Spotngo Wireless ltd
Information in this document is subject to change without notice Companies names and data used in examples herein are fictitious unless otherwise noted No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose without a prior express written permission from Aradial Technologies Ltd
All other products are trademarks or registered trademarks of their respective owners
1
Table of Contents
INTRODUCING SPOTNGO 2
BEFORE YOU BEGIN 2 SPOTNGO FEATURES 3 LIVE DEMO 4
SPOTNGO WEB GUI ADMINISTRATION 6
GENERAL OVERVIEW 6 CHANGING SPOTNGO LOGIN DETAILS 7 SETTING API USER NAME AND PASSWORD 8 SPOTNGO PRICE PLANS 9 PIN CARDS 13 MERCHANTS 16 PAYMENT LOOKUP 18
SPOTNGO ADVANCED CONFIGURATION 21
AUTHENTICATION 21 DATABASE 22 MISCELLANEOUS 22 PAYPAL 25 HTTP SERVER 26 LOGGING 27 PAYMENT GATEWAY CONFIGURATION 30 CHANGE PAYMENT GATEWAY 31 CONFIGURING VERISIGN PAY FLOW 32
ARADIAL API ndash CONFIGURATION 35 HTTP CONFIGURATION 36 HTTP REQUESTS 36 HTTP PARAMETERS 38 SEQUENCES 40
SPOTNGO ENHANCED PORTAL 42
END USER SERVICE PURCHASE 44 CREDIT CARD SIGNUP 44 CREDIT CARD REFILL 47 BUY PIN CARD 50 PIN CARD REGISTRATION 54 REFILL ACCOUNT 55 WEB INTERFACES 57
RUNNING SPOTNGO 59
SPOTNGO INSTALLATION INSTRUCTIONS 60
GENERAL 60 FIREWALL PORT SETTING 64 CHANGING ADMINISTRATOR CREDENTIALS THROUGH
THE REGISTRY EDITOR 67 ADDING AN API USER IN ARADIAL 69 SECURING SPOTNGO PAYMENT MODULE 71
2
Introducing Spotngo
About Spotngo Payment Module
Welcome to Spotngo Payment Module an All-In-One prepaid billing solution
Spotngo Payment modules include prepaid solutions for Scratch Cards and Online Credit Cards transactions through supported merchant processing for Hotspots HotZones ISP WISP and VOIP deployments
Spotngo Payment Module integrated with the Aradial Radius server will provide a powerful yet easy to deploy and manage solution for prepaid Internet access and VOIP services through enhanced captive portal interface The solution is scalable to support the service provider growing needs
Spotngo offers versions of the module to sale control and manage userrsquos Internet access for Clientrsquos self signup via prepaid scratch cards and online credit card transactions for Hotspots HotZones WISP and VOIP deployments
The module is fully customizable to support the ISPrsquos image and branding as well as location based branding and advertising The module further supports Affiliates branding price groups and reporting
Our design team went in to great efforts to simplify the deployment and maintenance of the solution thereby enabling efficient deployment with minimal technical skills requirements The solution provides the tools and scalability to suite both start up and large service providers through their existing technical team and infrastructure
Before You Begin
This manual is intended for both first time and experienced Spotngo users
If you are a first time user please take time to read Aradial Manual (administrator guide) before reading this document
This manual will aid you in understanding the logic of Spotngo module in order to use its full potential Not doing so might cause undoing and redoing some procedures just because you might find in each chapter better and faster ways of putting your thoughts and needs into practice
If you are an experienced Spotngo user you may use this manual as a reference guide when using your system
Chapter
1
3
Please notice that a lot of work has been put into Spotngo and this manual yet in some cases the manual might prove outdated just because it was printed or added to the distribution CD before some new features have been added to Spotngo module If you encounter new features or changes in Spotngo which are missing from this manual please refer to Spotngos Internet web site at httpwwwspotngocom
which will always include all latest information regarding Spotngo whether it is new features updates to the software or new information regarding vendors supporting Spotngo
If you still have questions after reading this manual and you are not able to find the information in our Internet web site Please contact us by
Email Salesspotngoca
Spotngo Features
Spotngo Payment module gives the operator the ability to provide real time payment capabilities from both administrator and end-user point of view
The following section will describe the high level features supported by Spotngo payment module which will be described in details in the next chapters
Spotngo payment module supports the following
Online real time credit card sign-up for new user registration and account creation
Credit Card refill (support various credit card merchant accounts)
Payment history lookup and queries
Plan and tariff management
End-to-end user self care capabilities (self sign-up activation and refill through prepaid PIN or scratch card
Prepaid card ID and PIN registration
Previously generated PIN lookup and queries
Cards management lookup and queries (including printing and exporting to CSV file)
Creation of prepaid plans
Simple Secured Web GUI administration interface for local and remote management through SSL secured Web GUI technology
Enhanced fully customizable Captive Portal supporting locationrsquos affiliates branding and price groups including multi portal support
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
i
S P O T N G O
Administrator Guide
copy2014 Spotngo Wireless ltd
Information in this document is subject to change without notice Companies names and data used in examples herein are fictitious unless otherwise noted No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose without a prior express written permission from Aradial Technologies Ltd
All other products are trademarks or registered trademarks of their respective owners
1
Table of Contents
INTRODUCING SPOTNGO 2
BEFORE YOU BEGIN 2 SPOTNGO FEATURES 3 LIVE DEMO 4
SPOTNGO WEB GUI ADMINISTRATION 6
GENERAL OVERVIEW 6 CHANGING SPOTNGO LOGIN DETAILS 7 SETTING API USER NAME AND PASSWORD 8 SPOTNGO PRICE PLANS 9 PIN CARDS 13 MERCHANTS 16 PAYMENT LOOKUP 18
SPOTNGO ADVANCED CONFIGURATION 21
AUTHENTICATION 21 DATABASE 22 MISCELLANEOUS 22 PAYPAL 25 HTTP SERVER 26 LOGGING 27 PAYMENT GATEWAY CONFIGURATION 30 CHANGE PAYMENT GATEWAY 31 CONFIGURING VERISIGN PAY FLOW 32
ARADIAL API ndash CONFIGURATION 35 HTTP CONFIGURATION 36 HTTP REQUESTS 36 HTTP PARAMETERS 38 SEQUENCES 40
SPOTNGO ENHANCED PORTAL 42
END USER SERVICE PURCHASE 44 CREDIT CARD SIGNUP 44 CREDIT CARD REFILL 47 BUY PIN CARD 50 PIN CARD REGISTRATION 54 REFILL ACCOUNT 55 WEB INTERFACES 57
RUNNING SPOTNGO 59
SPOTNGO INSTALLATION INSTRUCTIONS 60
GENERAL 60 FIREWALL PORT SETTING 64 CHANGING ADMINISTRATOR CREDENTIALS THROUGH
THE REGISTRY EDITOR 67 ADDING AN API USER IN ARADIAL 69 SECURING SPOTNGO PAYMENT MODULE 71
2
Introducing Spotngo
About Spotngo Payment Module
Welcome to Spotngo Payment Module an All-In-One prepaid billing solution
Spotngo Payment modules include prepaid solutions for Scratch Cards and Online Credit Cards transactions through supported merchant processing for Hotspots HotZones ISP WISP and VOIP deployments
Spotngo Payment Module integrated with the Aradial Radius server will provide a powerful yet easy to deploy and manage solution for prepaid Internet access and VOIP services through enhanced captive portal interface The solution is scalable to support the service provider growing needs
Spotngo offers versions of the module to sale control and manage userrsquos Internet access for Clientrsquos self signup via prepaid scratch cards and online credit card transactions for Hotspots HotZones WISP and VOIP deployments
The module is fully customizable to support the ISPrsquos image and branding as well as location based branding and advertising The module further supports Affiliates branding price groups and reporting
Our design team went in to great efforts to simplify the deployment and maintenance of the solution thereby enabling efficient deployment with minimal technical skills requirements The solution provides the tools and scalability to suite both start up and large service providers through their existing technical team and infrastructure
Before You Begin
This manual is intended for both first time and experienced Spotngo users
If you are a first time user please take time to read Aradial Manual (administrator guide) before reading this document
This manual will aid you in understanding the logic of Spotngo module in order to use its full potential Not doing so might cause undoing and redoing some procedures just because you might find in each chapter better and faster ways of putting your thoughts and needs into practice
If you are an experienced Spotngo user you may use this manual as a reference guide when using your system
Chapter
1
3
Please notice that a lot of work has been put into Spotngo and this manual yet in some cases the manual might prove outdated just because it was printed or added to the distribution CD before some new features have been added to Spotngo module If you encounter new features or changes in Spotngo which are missing from this manual please refer to Spotngos Internet web site at httpwwwspotngocom
which will always include all latest information regarding Spotngo whether it is new features updates to the software or new information regarding vendors supporting Spotngo
If you still have questions after reading this manual and you are not able to find the information in our Internet web site Please contact us by
Email Salesspotngoca
Spotngo Features
Spotngo Payment module gives the operator the ability to provide real time payment capabilities from both administrator and end-user point of view
The following section will describe the high level features supported by Spotngo payment module which will be described in details in the next chapters
Spotngo payment module supports the following
Online real time credit card sign-up for new user registration and account creation
Credit Card refill (support various credit card merchant accounts)
Payment history lookup and queries
Plan and tariff management
End-to-end user self care capabilities (self sign-up activation and refill through prepaid PIN or scratch card
Prepaid card ID and PIN registration
Previously generated PIN lookup and queries
Cards management lookup and queries (including printing and exporting to CSV file)
Creation of prepaid plans
Simple Secured Web GUI administration interface for local and remote management through SSL secured Web GUI technology
Enhanced fully customizable Captive Portal supporting locationrsquos affiliates branding and price groups including multi portal support
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
1
Table of Contents
INTRODUCING SPOTNGO 2
BEFORE YOU BEGIN 2 SPOTNGO FEATURES 3 LIVE DEMO 4
SPOTNGO WEB GUI ADMINISTRATION 6
GENERAL OVERVIEW 6 CHANGING SPOTNGO LOGIN DETAILS 7 SETTING API USER NAME AND PASSWORD 8 SPOTNGO PRICE PLANS 9 PIN CARDS 13 MERCHANTS 16 PAYMENT LOOKUP 18
SPOTNGO ADVANCED CONFIGURATION 21
AUTHENTICATION 21 DATABASE 22 MISCELLANEOUS 22 PAYPAL 25 HTTP SERVER 26 LOGGING 27 PAYMENT GATEWAY CONFIGURATION 30 CHANGE PAYMENT GATEWAY 31 CONFIGURING VERISIGN PAY FLOW 32
ARADIAL API ndash CONFIGURATION 35 HTTP CONFIGURATION 36 HTTP REQUESTS 36 HTTP PARAMETERS 38 SEQUENCES 40
SPOTNGO ENHANCED PORTAL 42
END USER SERVICE PURCHASE 44 CREDIT CARD SIGNUP 44 CREDIT CARD REFILL 47 BUY PIN CARD 50 PIN CARD REGISTRATION 54 REFILL ACCOUNT 55 WEB INTERFACES 57
RUNNING SPOTNGO 59
SPOTNGO INSTALLATION INSTRUCTIONS 60
GENERAL 60 FIREWALL PORT SETTING 64 CHANGING ADMINISTRATOR CREDENTIALS THROUGH
THE REGISTRY EDITOR 67 ADDING AN API USER IN ARADIAL 69 SECURING SPOTNGO PAYMENT MODULE 71
2
Introducing Spotngo
About Spotngo Payment Module
Welcome to Spotngo Payment Module an All-In-One prepaid billing solution
Spotngo Payment modules include prepaid solutions for Scratch Cards and Online Credit Cards transactions through supported merchant processing for Hotspots HotZones ISP WISP and VOIP deployments
Spotngo Payment Module integrated with the Aradial Radius server will provide a powerful yet easy to deploy and manage solution for prepaid Internet access and VOIP services through enhanced captive portal interface The solution is scalable to support the service provider growing needs
Spotngo offers versions of the module to sale control and manage userrsquos Internet access for Clientrsquos self signup via prepaid scratch cards and online credit card transactions for Hotspots HotZones WISP and VOIP deployments
The module is fully customizable to support the ISPrsquos image and branding as well as location based branding and advertising The module further supports Affiliates branding price groups and reporting
Our design team went in to great efforts to simplify the deployment and maintenance of the solution thereby enabling efficient deployment with minimal technical skills requirements The solution provides the tools and scalability to suite both start up and large service providers through their existing technical team and infrastructure
Before You Begin
This manual is intended for both first time and experienced Spotngo users
If you are a first time user please take time to read Aradial Manual (administrator guide) before reading this document
This manual will aid you in understanding the logic of Spotngo module in order to use its full potential Not doing so might cause undoing and redoing some procedures just because you might find in each chapter better and faster ways of putting your thoughts and needs into practice
If you are an experienced Spotngo user you may use this manual as a reference guide when using your system
Chapter
1
3
Please notice that a lot of work has been put into Spotngo and this manual yet in some cases the manual might prove outdated just because it was printed or added to the distribution CD before some new features have been added to Spotngo module If you encounter new features or changes in Spotngo which are missing from this manual please refer to Spotngos Internet web site at httpwwwspotngocom
which will always include all latest information regarding Spotngo whether it is new features updates to the software or new information regarding vendors supporting Spotngo
If you still have questions after reading this manual and you are not able to find the information in our Internet web site Please contact us by
Email Salesspotngoca
Spotngo Features
Spotngo Payment module gives the operator the ability to provide real time payment capabilities from both administrator and end-user point of view
The following section will describe the high level features supported by Spotngo payment module which will be described in details in the next chapters
Spotngo payment module supports the following
Online real time credit card sign-up for new user registration and account creation
Credit Card refill (support various credit card merchant accounts)
Payment history lookup and queries
Plan and tariff management
End-to-end user self care capabilities (self sign-up activation and refill through prepaid PIN or scratch card
Prepaid card ID and PIN registration
Previously generated PIN lookup and queries
Cards management lookup and queries (including printing and exporting to CSV file)
Creation of prepaid plans
Simple Secured Web GUI administration interface for local and remote management through SSL secured Web GUI technology
Enhanced fully customizable Captive Portal supporting locationrsquos affiliates branding and price groups including multi portal support
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
2
Introducing Spotngo
About Spotngo Payment Module
Welcome to Spotngo Payment Module an All-In-One prepaid billing solution
Spotngo Payment modules include prepaid solutions for Scratch Cards and Online Credit Cards transactions through supported merchant processing for Hotspots HotZones ISP WISP and VOIP deployments
Spotngo Payment Module integrated with the Aradial Radius server will provide a powerful yet easy to deploy and manage solution for prepaid Internet access and VOIP services through enhanced captive portal interface The solution is scalable to support the service provider growing needs
Spotngo offers versions of the module to sale control and manage userrsquos Internet access for Clientrsquos self signup via prepaid scratch cards and online credit card transactions for Hotspots HotZones WISP and VOIP deployments
The module is fully customizable to support the ISPrsquos image and branding as well as location based branding and advertising The module further supports Affiliates branding price groups and reporting
Our design team went in to great efforts to simplify the deployment and maintenance of the solution thereby enabling efficient deployment with minimal technical skills requirements The solution provides the tools and scalability to suite both start up and large service providers through their existing technical team and infrastructure
Before You Begin
This manual is intended for both first time and experienced Spotngo users
If you are a first time user please take time to read Aradial Manual (administrator guide) before reading this document
This manual will aid you in understanding the logic of Spotngo module in order to use its full potential Not doing so might cause undoing and redoing some procedures just because you might find in each chapter better and faster ways of putting your thoughts and needs into practice
If you are an experienced Spotngo user you may use this manual as a reference guide when using your system
Chapter
1
3
Please notice that a lot of work has been put into Spotngo and this manual yet in some cases the manual might prove outdated just because it was printed or added to the distribution CD before some new features have been added to Spotngo module If you encounter new features or changes in Spotngo which are missing from this manual please refer to Spotngos Internet web site at httpwwwspotngocom
which will always include all latest information regarding Spotngo whether it is new features updates to the software or new information regarding vendors supporting Spotngo
If you still have questions after reading this manual and you are not able to find the information in our Internet web site Please contact us by
Email Salesspotngoca
Spotngo Features
Spotngo Payment module gives the operator the ability to provide real time payment capabilities from both administrator and end-user point of view
The following section will describe the high level features supported by Spotngo payment module which will be described in details in the next chapters
Spotngo payment module supports the following
Online real time credit card sign-up for new user registration and account creation
Credit Card refill (support various credit card merchant accounts)
Payment history lookup and queries
Plan and tariff management
End-to-end user self care capabilities (self sign-up activation and refill through prepaid PIN or scratch card
Prepaid card ID and PIN registration
Previously generated PIN lookup and queries
Cards management lookup and queries (including printing and exporting to CSV file)
Creation of prepaid plans
Simple Secured Web GUI administration interface for local and remote management through SSL secured Web GUI technology
Enhanced fully customizable Captive Portal supporting locationrsquos affiliates branding and price groups including multi portal support
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
3
Please notice that a lot of work has been put into Spotngo and this manual yet in some cases the manual might prove outdated just because it was printed or added to the distribution CD before some new features have been added to Spotngo module If you encounter new features or changes in Spotngo which are missing from this manual please refer to Spotngos Internet web site at httpwwwspotngocom
which will always include all latest information regarding Spotngo whether it is new features updates to the software or new information regarding vendors supporting Spotngo
If you still have questions after reading this manual and you are not able to find the information in our Internet web site Please contact us by
Email Salesspotngoca
Spotngo Features
Spotngo Payment module gives the operator the ability to provide real time payment capabilities from both administrator and end-user point of view
The following section will describe the high level features supported by Spotngo payment module which will be described in details in the next chapters
Spotngo payment module supports the following
Online real time credit card sign-up for new user registration and account creation
Credit Card refill (support various credit card merchant accounts)
Payment history lookup and queries
Plan and tariff management
End-to-end user self care capabilities (self sign-up activation and refill through prepaid PIN or scratch card
Prepaid card ID and PIN registration
Previously generated PIN lookup and queries
Cards management lookup and queries (including printing and exporting to CSV file)
Creation of prepaid plans
Simple Secured Web GUI administration interface for local and remote management through SSL secured Web GUI technology
Enhanced fully customizable Captive Portal supporting locationrsquos affiliates branding and price groups including multi portal support
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
4
Currency prefix and postfix
Supporting fee and free based service
Online and email receipts generation
Support for Tax rate
Simple integrations with Aradial Radius Server
User information is integrated with the radius database allowing for full control through single database
Great ROI due to affordable market entry and deployment requirements
Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo
Spotngo live demo can be viewed and accessed via a web browser Sample captive portal with affiliate support httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentCIP=100ampcport=100 httpr02spotngonetArdDemo5SPNGPaymentIsdllPaymentPortal=exampleampCIP=100ampcport=100
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
5
Spotngo Demo Admin interface
httpr02spotngonetArdDemo5SPNGPaymentIsdllpage=MainAdmin Username admin Password password
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
6
Spotngo WEB GUI Administration
General Overview
The Spotngo Admin web GUI interface can be accessed through the local PC The Payment module is installed on or from any remote PC provided the port for the Payment module is open
For Local Access httpslocalhostPaymentPage=MainAdmin Or httpslocalhostport-numberPaymentPage=MainAdmin For Remote Access httpsRadius-Server-IPPaymentPage=MainAdmin Or httpsRadius-Server-IPPort-NumberPaymentPage=MainAdmin Spotngo comes with Default admin Username and passwords which are Username admin Password Password Notice that you always have to change the default login access credentials prior deployment
For ease of use add the Captive Portal interface and the Web GUI interface to your web browser favorites or create short cuts on your desktop To create short cuts on your desktop drag and drop the website from the favorite list on to your desktop Please Note from security reasons do not save the administrator user name and password on
shared computers
Chapter
2
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
7
Changing Spotngo Login Details
Changing the Admin login details (username and password) for the Spotngo Payment Module admin interface can be done through the web GUI or through the Registry Editor should you require changing the admin credentials while not being able to access the Admin interface The following are the instruction for changing the login credentials through Spotngo Web GUI
Open the Admin interface (httpslocalhostPaymentpage=MainAdmin )
In the main menu go to Advanced Configuration
Choose Authentication option
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
8
Enter the new username password password confirmation for the admin and save the details and save the changes
Setting API User name and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Please Note a mismatch between the API Username and Password and the corresponding API
Username and Password in Aradial will prevent the application from exchanging data with Aradial
The page to define the API User admin can be found under Spotngo main page Advanced
configuration Aradial API
The following fields (which Aradial API Configuration consists on) are available on the screen Aradial API URL type
(Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface
(Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
9
Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhost8000Admin API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password) Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial Notice that the changes will take effect following the next payment module service restart
Spotngo Price Plans
Spotngo enables service providers to support and offer flexible price plans Price plans can be defined as fixed prices plans time plans or volume plans
Spotngo provides web interface to view create or edit price plans
The page can be found under Spotngo main page Plans
The Plans page is opened in View mode by default and presents the available price plans in Spotngo
The following fields are presented in the Edit mode
Plan name the field present the tariff plan name as inserted in the plan registration
Description the field present the description tariff plan name as inserted in the plan registration
Price Price for the specific plan Once a user is purchasing a plan the price will be sent to the credit card in order to debit the user
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
10
Enforcement type the field present the enforcement type chosen in the plan registration For details about the various enforcement types please refer to the Add Plan section
Price Group the field presenting the price group identifier inserted in the plan registration For more details about the price group identifier please refer to the Add Plan section
Aradial Group The field presenting the Aradial Group as inserted in the plan registration The group will be used once the user is created in Aradial with the specified Aradial group
Action The action enable the user to delete specific plan Once pressing the Delete hyperlink a confirmation massage will ask the user to approve deletion Once approving the massage the plan will be deleted
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
11
Pressing the Add option will present the following page and will allow the admin to create new price plan
The following fields are available when creating new price plan
Plan name Unique Plan Identifier The plan name must not be changed for the duration of the plan validity as it will affect all associated transactions and vouchers
Position The position field is used for presentation purposes Once the user is purchasing a plan he will see all available plans in a drop down list The position field enable to sort the available plans in the requested order The position is a numeric field and requires a number
Plan description the field should be populated with the plan free description The plan description will be presented to the end user
Price the price for the specific plan Once a user will purchase the plan the related price will be sent to the credit card interface and will be debited from the customer balance
Enforcement type the enforcement type drop down allow the following options
Auto Expire Continuous use price plan Clients will receive continuous access for the duration set in the Expiration Time from client first login regardless of the client actual usage The time units are set in minutes
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
12
For example when Expiration Time is set to 120 minutes the client will receive service for 120 continuous minutes from client first login Account activated at 105 PM by client first login will be valid through to 305 PM regardless of the amount of time the client utilized the service Metering Net usage price plan The client account will be credited with time as set in the duration of the time bank The unused balance will carry forward for future access as long as the account is valid
For Example 120 Minutes time bank will allow the client to use the network for a net time amount of 120 minutes If 15 minutes were used in a session the client will have 105 minutes remaining on the account for future sessions This balance will remain for the duration of the account validity
Price group identifier The field is used for presentation purposes and allow the provider to present certain groups by specific identifier
Aradial group When creating new plan the user is requested to insert Aradial group Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the Aradial group specified in the plan registration
Aradial Business Entity The users that purchase the specific plan will be automatically assigned to a business entity defined in Aradial Enforcer
User service When creating new plan the user is requested to insert User service Once a user will purchase the specific plan a related user will have to be created in Aradial The user will be created with the user service specified in the plan registration
The field is a numeric field and expect to get a valid number which represent Aradial user service The available user services (numbers) can be found in the NasCfgDbs configuration file under RadDB directory
Time bank The field allow the user to populate the user time bank with specific value (in minutes) when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce time bank Decide whether to enforce the time bank or not Once a user will be created in Aradial the indication will be created to the user
MB bank The field allow the user to populate the user MB bank with specific value when the user will be created in Aradial The field should be correlated with the chosen enforcement type method
Enforce MB bank Decide whether to enforce the MB bank or not Once a user will be created in Aradial the indication will be created to the user
Expiration time Expiration time for the plan (in minutes) This field should be correlated with the chosen enforcement type
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
13
Merchant ID The field indicates to who the money will be transferred once a user will purchase the plan When a user is purchasing the plan Spotngo should send debit request (by credit card) By this field Spotngo will know who should receive the money
Please note For more detailed information about the merchant please refer to the Merchants section
PIN Cards
Spotngo allow the service provider to generate and support full life cycle for PIN card generation and refill
The provider can generate batch of PIN cards in one batch activity using web interface
The page can be found under Spotngo main page Pin Cards
The PIN card have two options
Pressing the View option will present the following page
The lookup PIN Cards page support the following fields
Plan name the field will present all available plan names in a drop down list and will enable searching for specific plan Choosing a plan means that the search will be done for all PIN Cards created for the specific plan regardless the card status
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
14
Status the field is a drop down list and enable searches based on all PIN Card statuses in the PIN card life cycle (used not used deleted)
Card ID Search PIN card by Card ID (unique field which will present max single result)
User ID search based on User ID Searching by this field will present all PIN cards refilled for a specific user ID
User Email search based on User Email Searching by this field will present all PIN cards refilled for a specific user
Activation date Search PIN card based on their activation date Spotngo also support search based on dates ranges (activation from ndash to)
To Screen Default report presentation on screen
Printable report Selecting this option means that a printable report will be opened and allow the user to send the results to a connected printer
Export to file Selecting this option the user can export the search results to a CSV output file
After populating the relevant parameter and pressing the search button the following page will be opened and present the requested PIN Cards
Card ID the field is presenting the Card ID generated by Spotngo based on the input parameters (card prefix first card number)
PIN The field presents the PIN generated by the Spotngo for the specific card ID When the user will purchase a card and would like to refill it he must use the PIN number which will be validated by Spotngo
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
15
Plan The field will present the plan associated with the card
User Name Once the card was used and refilled for a customer this field will present the related user name
Email Once the card was used and refilled for a customer this field will present the related user email address
Activation Date the field will present the date the PIN card was activated (the date the refill was done)
Mark For Delete The button enables the user to mark a specific PIN card as deleted Once marking a card its status will be changed to Deleted and the card will no longer be active and cannot be used PIN card with a Deleted status will still be available and can be viewed in the search results screen
Permanently Delete The button enables the user to permanently delete the PIN card Once deleting a PIN card it will be removed and will not be available or viewed in the search results screen
Add PIN card option
Once pressing the Add option the above screen will be opened and allow the user to generate new batches of PIN cards
The following fields are available in the Add PIN cards page
Number of Cards to Generate The field enable the user to generate bulk of PIN cards with shared attributes
Plan Name The field enables to associate pre-defined plan with bulk of PIN cards After the card will be generated he will include the plan the card offer to the user
Card Prefix The field enables the user to set the card prefix in order to allow easy cards management
First Card Number The field enables the user to set the first card number All other PIN cards in the same bulk will be sequential
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
16
Number of Card Id Digits The user is able to set the card ID number length by this field
Number of PIN Characters The field enables the user to set the PIN length
Type of PIN Characters The field enables the user to decide the way the PIN numbers will be generated and allow combinations of numbers (0-9) numbers and capital letters (0-9 and A-Z) and a combination of numbers and letters (0-9 A-Z and a-z)
Pressing the Generate button will run the process and generate the PIN cards based on the input parameters
Once the batch will be completed the following result screen will present the generated cards and PIN numbers and will allow the user to print the results
Merchants
Spotngo allows the service provider to define various merchants in the system and to allow automatic payments transfer to a specific payment gateway by attaching the merchant ID to a specific plan
The page can be found under Spotngo main page Merchants
The Merchants have two options
Pressing the Edit option will present the following page
Merchant Name The field presents the Merchant name as inserted in the merchant registration
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
17
ID The field presents the Merchant ID as appears in the merchant registration
Password The field presents the Merchant password as appears in the merchant registration
Currency The field presents the Merchant currency as appears in the merchant registration
Pressing the merchant name (hyperlink) will open the Merchant details page and allow the user to change edit his details
Pressing the Add option will open the following page
Please note As mentioned on the screen not all parameters are supported or relevant for all payment gateways
The following fields are available in the Add merchant page
Merchant name The field is a free text field allowing the user to insert the merchant name
Merchant ID The field is a free text field allowing the user to insert the merchant ID
Password As part of the merchant registration the user will be requested to insert password which will be used as part of the authentication when transferring the information to a specific payment gateway
URL The URL field can use as a replacement URL for the merchant operation for Payment operations
Currency The field allows to define the currency for specific Merchant Spotngo allows the user to register multi merchant with any currency definition
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
18
Custom Auth parameters 1-5 The custom fields are basically not is use however they can be used by modifying the HTTP Parameters if needed
Payment Lookup
Spotngo provides a payment lookup screen which will enable the user to view and track the payments done by Spotngo as well as their payment and user related details
The page can be found under Spotngo main page Payment lookup
Pressing the payment lookup option will open the search page
The following search criteria are available in the page
Plan name The drop down list will present all available plans defined in Spotngo Search can be done based on plan
ID Allow the user to search payments based on ID
Email Allow the user to search payments based on user email address
Name Allow the user to search payments based on first and last name of the user the payment was done to
Purchase date Allow the user to search payments by the purchase date (the date the payment by PIN card was done) Spotngo also supports searches between ranges of dates using the from and to fields
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
19
Hotspot ID Allow the user to search payment for specific hotspot ID chosen from the drop down list Not choosing hotspot means the search will be done for all available hotspots
Report type Drop down list allow the user to choose between individual payments to summary payments The individual payments will present the payments (based on the search criteria) one by one Each payment in a line as follows
The payments and their highlights will be presented for each payment
When choosing the summary payment the following page will be opened
The payments will be presented as a count in one line group by their hotspot ID
Printable Report Selecting this option will open the result page in a way the user will be able to print the results
Export to file Selecting this option the user can export the search results to a CSV output file
Spotngo allows the provider to view payment details for specific payment by clicking on the Details hyperlink in the payment lookup result page
Clicking on the hyperlink will present the following page
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
20
The screen will present two areas of information
General payment details general details for the specific payment (eg PIN card details plan details etc)
User creation parameters In case of a user creation the details will be presented in this section
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
21
Spotngo Advanced Configuration
Spotngo Advanced Configuration allows you to manage several settings for Spotngo such as which data base to connect logging settings and more
Advanced Configuration page may be reached from the Spotngo main page by clicking on Advanced Configuration
Authentication
Spotngo authentication page allow the user to define andor change the user name and password using for login
The page can be found under the main Spotngo screen advanced configuration authentication
Spotngo Admin Login Use this field to change the name required to enter Spotngo Administrator interface
Spotngo Admin Password Use this field to change the password required to enter Spotngo Administrator interface Make this password as secure as possible meaning it should contain at least 8 characters preferably mixed letters numbers and special characters such as $^amp
Confirm Spotngo Admin Password Use this field to confirm the password change
Chapter
3
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
22
Spotngo Admin Realm The name of your Domain used when authenticating OS users
Database
The page can be found under the main Spotngo screen advanced configuration database
Database Connect String Use this field to change the connect string to Spotngo database The connection string format is DatabaseNameUserPassword If no user name and password are needed you may omit them and their semi-colon () delimiter
Maximal Open Connections Use this field to set the maximum number of database connections allowed at once The default value is 15 If a higher number of concurrent transactions is required to be processed make sure you have the right hardware requirements
Miscellaneous
The page can be found under the main Spotngo screen Advanced Configuration Miscellaneous
Application settings
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
23
Application Path Specify the Aradial application path location
Syslog Host Specify the host (IP address) for the syslog
Enable Multi-Threading Definition whether to support multithreading processes or not
Service Provider Name Global parameter for the service provider name
Web Self Care URL Specify the URL for the web Self Care application
Currency Prefix Specify the currency and whether the currency will be added as prefix or not
Currency Suffix Specify the currency and whether the currency will be added as suffix or not
Tax rate Defines the tax rate in the system level
Please note changing the above parameters require system restart The changes will take affect only after restarting the Spotngo service
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
24
Date setting
Century Separator Specifies the separator between centuries
Date format Defines the time format the Spotngo will use
Chillispot Settings
Chillispot uam secret
The Chillispot is used for the redirection When Spotngo redirect the user he needs to provide the uam which is like a password This field define the uam (password) to be sent to the chillispot once redirecting the user
Terabeam settings
Terabeam Login Trigger URL The URL which the login form submits after typing the user-name password
Terabeam Logout Trigger URL The URL to submit in order to disconnect
Payment Submission Settings
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
25
HTTP request timeout this field define the timeout for payment requests in seconds Meaning that when Spotngo send payment request to the payment gateway and there is no response for 120 seconds the request will be timed out and payment will not be granted or committed
CC Response Parser The response parser which is used to parse the response of the Payment Gateway Usually it is set automatically when switching payment gateways In rare cases it can be changed manually
PayPal
Paypal Email Paypal merchant email
Paypal URL Paypal URL This URL needs to be updated also in the HTTP Request ldquoPaypal Validaterdquo at the URL field
Spotngo URL Spotngo Portal URL
Number of retries Limit the number of retries for PayPal validation
Time to wait between retries Limit the time between retries of PayPal validation
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
26
HTTP Server
The page can be found under the main Spotngo screen advanced configuration HTTP Server
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
27
Logging
Spotngo can extensively log to text files all operation it conducts The Log Configuration page permits you to set the logging options for each Spotngo component such as starting and stopping the logging operation erasing and time-stamping the resulting log files and the physical location of the log files
The page can be found under the main Spotngo screen Advanced Configuration Logging
For each of the above components you may log the following events
Severe Severe errors which may cause problems to the functionality of Spotngo
Warning Warning of non-critical errors such error may usually be disregarded unless they happen continuously
Info Information regarding most steps the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
Debug Logs everything every single step the component is doing Use this only in desperate situations as this generates a great amount of information and slows down the logged component considerably
ODBC Severe Severe ODBC errors which may cause data faults in the database or information not to be written to the database
ODBC Warning Warning of non-critical ODBC errors such error may usually be disregarded unless they happen continuously
ODBC Info Information regarding most database operations the component is doing Usually you should not turn on this on as it generates excessive information and tends to slow down the logged component
HTTP Request Information regarding the HTTP request
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
28
Edit the logs configurations
When selecting one of the components to edit (by Option hyperlink) its logging options you will be presented with the following options
Enable Turn onoff the logging for the specified component
Log to Windows Event Viewer (NTXP2K+) Turn onoff delivery of log to the NT Event Log
Log to SYSLOG Turn onoff delivery of log to a SYSLOG host as defined in the Advanced Configuration Page
SYSLOG Priority Set the severity of the SYSLOG message
Erase on Startup Turn onoff erasure of the log file when the component is started When turned on the log file will be immediately erased when the component is started Usually you should turn this to off
Close Every Write Turn onoff closing the log file after each log write This permits you to view the log file while it is being written Usually you should turn on this option as unless you do so you will not be able to view the log until you stop the component
Flush Every Write Turn onoff flush after each log write Force printing log data from the buffer to the log file every write
Log Time Stamp Turn onoff time-stamping of each log write When turned on this will write to the log the date and time the logged event took place Usually you should turn this option to on
Log Thread Turn onoff presenting the handling server tread of each log write
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
29
File Name Specify the path and filename for the log file If the path and the filename do not exist they will be automatically created Valid file names include the WindowsDOS standard naming convention of drivepathfilename (eg cprogram filesAradiallogsserverlog) and UNC - machinepathfilename (eg PDCcaradiallogsserverlog)
Maximum file size (KB) Configure the logs to change when reaching MAXSIZE of KB
Notice that due to the fact logs usually generate large amounts of data especially when logging debug and info events Spotngo has a safety mechanism to stop writing to the log file when the hard disk is full
You can view the log files using any standard text editor such as Windows Notepad yet notice that due to the size log files tend to grow to Notepad may reject the file You can get many freeware or shareware text editors that do not have a file size limitation in the Internet
View the logs on Spotngo GUI interface
Pressing the View link will present the log file as follows
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
30
The buttons will allow the following operations
1 Present the position (percentage from the total log file)
2 Skip to the beginning of the log
3 Skip 1 page backward
4 skip 1 page forward
5 skip to the end of the log (last page)
6 Go back to the main logging page
Payment Gateway Configuration
The gateway configuration describe the mandatory details to be transferred to the payment gateway
The page can be changes according to the selected payment gateway (please refer to the next section change payment gateway)
The following fields are important when accessing the payment gateway
X_login The field define the login (user name) to be transferred once accessing the payment gateway
X_tran_key The field define the key (password) to be transferred once accessing the payment gateway
X_test_request The field specify whether Spotngo is working with the payment gateway in real mode or test mode The valid values are TRUE and FLASE
Please note the above screen shot is an example to Authorizenet payment gateway
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
31
Change payment gateway
Spotngo is configured to work and access various payment gateways
The user is allowed to change the payment gateway Spotngo is working with
The following is the page for changing the payment gateway configuration
Steps for changing the payment gateway
1 Open the change payment GW screen
2 Select new payment GW from the drop down list
3 Press on the change button
4 Restart Spotngo service in order the changes will take affect
5 Open the payment gateway configuration page and update the relevant information for the selected payment GW
Please note default payment GW is always Authorizenet
Please note Changes in the payment gateway definition will take affect only after Spotngo service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
32
Configuring Verisign Pay Flow
The following steps need to be taken in order to define the Verisign Pay Flow in Spotngo payment system (both for test purposes and real mode)
1 Open Spotngo main page
2 Press on Advanced Configurations
3 Press on Change Payment GW
4 From the list select Verisign
5 Press on Change
6 Go to Payment GW Configurations and set PARTNER PWD USER and VENDOR according to the data that you get from VeriSign
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
33
7 Restart Spotngo service
8 Verisign is ready to work in test mode
Changing Verisign from test mode to real mode
9 Open Spotngo main page
10 Press on HTTP Configuration
11 Press on HTTP Requests
12 Choose DefaultAuthorizenet
13 In the URL change the value to payflowverisigncom
14 Press on Update
15 Restart Spotngo service
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
34
After the above steps were implemented you will be able using the PayFlow in the Spotngo portal for Credit Card registration
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
35
Aradial API ndash Configuration
The Aradial API configuration page define the login details between Spotngo and Aradial
As part of Spotngo operation Aradial APIs are called in various scenarios The API page defines the URL login and password information
The page can be found under the main Spotngo screen advanced configuration Aradial API
Aradial API URL the field define the URL for Aradial
Please note the URL definition supports also https secured URL For secured URL definition and configuration please refer to the next chapter (IIS configuration)
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
36
API User ID define the user ID when Spotngo call to Aradial APIs
Password define the password when Spotngo call to Aradial APIs
HTTP Configuration
HTTP requests
The HTTP requests page defines the interface with the supported payment gateways The page is restricted and not allowed to be changed
Following is the Add page to define new HTTP request in the system
Request name the request name For example CCAuthCapture CCAuthOnly etc
URL this field has different semantics according to the request type
Http Https - The actual URL without the http prefix
Execute - The command line (In the actual command line the parameter are added in the end in http get format)
Null - The return string
Special - The Special request name (Internal)
In case the URL is empty and Base Request is defined it is inherited from the Base request
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
37
User ID The Authentication User Id (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Password The Authentication password (Relevant only for Http Https requests) In case it is empty and Base Request is defined it is inherited from the Base request
Request type The Request Type Possible values
HTTP ndash Plain HTTP
HTTPS ndash HTTPS
Execute ndash Execute a command line
Null ndash Do nothing return the URL
Special ndash Internal command
None ndash Do not create a request at all
ltparentgt - Inherit from the parent request
Request method relevant only for Http Https requests
Get ndash HTTP Get request
Post ndash HTTP Post request
ltparentgt - Inherit from parent
Base request the request to inherit from
Following is the HTTP Requests list page
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
38
HTTP Parameters
The HTTP parameters page defines the parameters for the HTTP requests This page is restricted and not allowed to be changed
Following is the Add HTTP request parameter page
Request name the request name For example CCAuthCapture CCAuthOnly etc
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
39
Parameter name the parameter name
Parameter number the parameter number If filled and there is more than one parameter with the same name the actual parameter that will be sent is the 1st that does not get an empty value Lower numbers are first
Parameter type type of parameter Possible values
Literal ndash The value is Parameter Valuerdquo (String)
HTTP ndash The value is taken from and HTTP Input parameter according to the Parameter Valuerdquo
Item ndash The value is taken from an internal object (eg the Offer) The Parameter Value is the member name to get from the object
Relative Date ndash The value is the Current Time + Parameter Value (Integer) formatted according to the Aradial date format setting
Random Alpha numeric ndash The value is a random string with Parameter Value (Integer) length In case the Parameter Value (String) is filled it indicates the character set to be used otherwise the characters set is Alpha numeric (a-zA-Z0-9)
Request ndash The value is taken from a value that was sent during the previous request in the current flow or was filled in a request during the flow The Parameter Value (String) should be Request NameParameter Name
Copy All ndash Copy all http input parameters to the request
Sequence ndash Take the value from a sequence The Sequence name is Parameter Value (String)
Parameter value (String) see above
Parameter value (Integer) see above
Following is the lookup page to filter or view existing parameters
Following is the result page
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
40
Sequences
Spotngo allow the user to define the user ID sequence to be used by a GUI interface
The page can be found under the main Spotngo screen advanced configuration sequences
The Edit page allow to view the current defined sequences and also present the current value (last used value)
Clicking on the sequence name will present the edit screen and will allow changing the parameters
Sequence name Defines the sequence name This is a free text field
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
41
Current value Allow to define change the current value Each user ID will be created starting the current value field
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
42
Spotngo Enhanced Portal
The Spotngo Add-on module contains an enhanced Client side Captive portal and the Admin web GUI interface In this section of the manual we will be discussing some of the features and working of the client side captive portal The Captive Portal is fully customizable to support the service providerrsquos branding as well as per location and affiliates branding The included sample portal is composed of four parts
1 The banner 2 Menu 3 Main Text and links 4 Client Login 5 Bottom frame
Each part can be further customized per location affiliate service provider branding and access controller deployed The following screenshot presents the five portions of the captive portal
Chapter
4
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
43
The portal Application calls the different portions of the portal page based on the Portal identifier and the access controller ID sent by the access controller during the redirection Default portal identifier is ampportal for example ampportal=example ampportal=example2 etc The portal application will then look for the files to use under the appropriate subdirectory (ie Example) existing files will be used and the rest will be used from the default portal directory The Portal application will only display the username and password fields when being redirected by supported access controllers Supported Access controllers include Chillispot Colubris DD-WRT Ikarus Mikrotik Monowall Nomadix PfSense Planet Value Point Zyxel and others Additional access controllersrsquo support can be added to suite the deployment requirements Service providers wishing to offer plan purchases through their website the entire portal or portions of it can be called to process the purchase through online credit card and or prepaid cards activation and refill This will eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service providerrsquos radius server
Banner
The banner is a jpg file contained in the Images subdirectory of the Payment portal which can be replaced with the service providersrsquo banner to act as the portalrsquos default banner When creating subdirectories for per venue affiliates the banner can be deployed using the default service providerrsquos banner or per venue affiliate customized banner
Menu
The menu contains the different options available to the clients and menu items can easily be removed or added to suite the service providerrsquos requirements By default the menu contains the following options
Home ndash linked to the main captive portal page
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username password or customer specified username password Depending on the service providerrsquos deployment (by default the portal is set to user specified login username and password parameters)
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill at time of purchase or at a later date
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Manage Account ndash Linked to Service providerrsquos Aradial user Web Self Care Additional menu items ndash additional menu items can be added to suite the service providerrsquos
requirements such as about us contact us support links to the service providers web site
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
44
Inner Frame
The Inner Frame can contain contains any service providers statements information venue specific information details links logos advertising etc The inner frame also calls the script identifying the access controller used and presents the client with the appropriate Username Password fields to enable network access A wide range of access controllers are supported and additional models can be added to suite hardware deployment
Login Frame
The Username and Password fields are served by a script identifying the Access controller calling the portal The script identifies the access controller used and will present the corresponding access controller specific parameters required for processing the client login
Bottom Frame
The frame by default includes the images gifs of supported payment methods these payment methods depends on the service provides merchant account agreement and service As well this is a perfect location to include the logos of any roaming partners supported by the network as well as any other associations
End user Service Purchase
The captive portal supports four methods of client self signup and account refill and service purchase Service providers can select which methods to deploy as well as deploy all of them The four Methods are
Credit Cards Sign up ndash allows for credit cards sign up for account creation supporting either random username and password or customer requested username and password Depending on the service providerrsquos deployment
Credit Card Refill- Enables the client to easily refill their existing account through self service online credit card purchase
Buy Pin Card ndash Enable the client to buy credit pin which can be applied for account creation or refill
Pin Card Registration ndash supports client signup for service using a prepaid pin card purchased at venue local retailers or through service providerrsquos distribution chain
Refill Account - Refill of existing accounts through prepaid pin card purchased at venues local retailer or service providerrsquos distribution chain
Credit Card signup
The customer credit card sign up allows for a one time account creation using either random generated username and password or customer defined username and password The process is composed of four steps
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
45
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
2 Client information Client information requested and displayed can be modified based on the
service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
46
3 Clients credit card details The clientrsquos credit card number associated with the above client info Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and condition
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
47
4 Confirmation and Receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
Credit card Refill
The credit card refill allows for an on line self service account refill of an existing account using a credit card The process is composed of four steps
Price Plan selection
Client Information
Credit Card Details
Confirmation and Receipt Upon completion of the sign up process the user can now login with their new account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
48
2 Account to be refilled Clientrsquos existing account to be refilled The user account information will be verified against existing client account in the Aradial Radius server
3 Clients credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
49
conditions can be linked to the service providerrsquos term and conditions
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as the username password combination selected by the client
Note The Receipt details should correspond to the service providerrsquos merchant account
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
50
Buy PIN Card
The Buy Pin Card is similar to the credit card sign up above but instead of creating an account for the client it creates a prepaid credit which will be used through the continuous process for creating a new account or refilling an existing account
The following is an example of the four step signup procedure as experienced by the client
1 Price plans price plans available to the clients are based on global price plans and location specific price plans as defined by the Service Provider
Note When selecting required fields make sure to follow the guidelines set by your Credit Card merchant Processing account
2 Client information Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional in the Admin portal
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
51
3 Client credit card details The clientrsquos credit card number associated with the above client info
Terms and conditions This statement and check box is set as required by default and the terms and conditions can be linked to the service providerrsquos term and conditions
Note The term and conditions page should be set in the Access controller white list for allowed access pre-authentication
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
52
4 Confirmation and receipt This page will contain the credit card receipt for the purchased service as well as credit voucher purchased by the client In this page the client can chose to add the credit to an existing account through the user ID refill or sign up for a new account Note The Receipt details should correspond to the service providerrsquos merchant account
5 Successful account refill In the Above screen we chose the account refill and entered an existing account to refill upon clicking the refill we received confirmation for successful refill At that point the client is given the option to log in using their newly refilled account
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
53
6 Client signup through the purchased voucher When selecting signup in the voucherreceipt page the client can sign up for a new account using the credit voucher created
Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
7 Confirmation page This page confirms the successful signup for the new account using the credit voucher purchased At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
54
PIN Card Registration
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards These scratch cards are a credit voucher for the predefined price plan the cards were issued under The client will then self signup and activate an account using the scratch cardrsquos credit The service provider can issue unlimited number of cards and distribute then through local venues or at the hotspot locations The process is similar to the credit card sign up and can be seen in the example bellow
1 Client signup through prepaid scratch cards When selecting pin cards registration the client can sign up for a new account using the Prepaid scratch cards purchased locally Client information requested and displayed can be modified based on the service providerrsquos requirements through manipulation of the HTS files Required information is in Bold and fields can be set as required or optional through the Admin portal
2 Confirmation Page This page confirms the successful signup for the new account using the Pin Card Registration with a prepaid Scratch Card
At this point the client can login with the new account created by clicking login or go back the portalrsquos home page
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
55
Refill Account
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card credit voucher Existing account holders can continue to use their original self created account or service providerrsquos issued account through the prepaid card credit voucher refill The credit will be added to their account balance in form of net time metering (time bank) Auto expiry or data bank according to the purchased credit voucher and original account The pin card ID and Pin can be distributed through the service providerrsquos traditional sales channels such as electronic or physical media trial vouchers available distributed through local vendors online and hotspot locations
1 Refill Account This option will allow existing users to extend their existing service through prepaid card credit voucher
This Page cannot be used for new account signup The client will enter their existing User ID new card ID and Pin from their credit voucher
The new Balances will be added to their existing accounts
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
56
2 Refill account confirmation This page will confirm the successful pin Application
Upon successful account refill the user will be presented with a shortcut to login using their recently refill account Since the portal remembers the user only the password is required Or the user can select home to log in through another account or for additional services
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
57
Web Interfaces
The Spotngo Payment module consists of two web interfaces the client Captive Portal interface and the Service provider web GUI admin interface
Captive Portal
The Captive portal interface can be found at
From the local server the payment module is installed on
HttpslocalhostPayment
For deployment on port other then 443 for SSL specify the port number in the URL such as
httpslocalhostport-numberPayment
Or from Remote pc
httpsRadius-Server-IPPayment
httpsRadius-Server-IPPort-numberPayment
Note you will not see the username and password boxes as you are accessing the captive portal directly and not through a NAS
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
58
To see the Captive portal page as it is seen through a NAS Network Access Server (Gateway) add the NAS specific parameters in the URL as they are sent by the NAS during the redirection
For Example
HttpslocalhostPaymentuamip=121ampuamport=100
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
59
Running Spotngo
1 Start the Aradial Admin service 2 Define the APIUser in Enforcer Admin (a user with API admin rights see Adding an API User
in Aradial) 3 In order to run Spotngo portal with IIS the redirection URL should be
For Mikrotik
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdllAP=MT
For Chillispot based
httpyour_server_Iexternal_IPardWebSPNGPaymentIsdll
Notes
a See all other routers in Aradial manuals
b your_server_Iexternal_IP = the external IP of the computer that the access controller communicated with
4 To verify on local machine
1 Open a browser 2 Write httplocalhostardWebSPNGPaymentIsdllAP=MT
Or for the Admin
Write httplocalhostardWebSPNGPaymentIsdllpage=MainAdmin
Enter to login user admin
Pwd password
Chapter
5
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
60
Spotngo Installation Instructions
General
Spotngo Payment module is typically delivered as download link Aradial Enforcer must be installed prior to Spotngo
Upon running the module you will arrive at the welcome screen containing copyright warning select Next gt to accept and proceed with the installation
Set Administrator login and password configure email settings Or use the default values which
can be changed later
Chapter
6
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
61
IIS and MS SQL should be selected in accordance with preinstalled Enforcer configuration The below settings are used by default
Configure the MS SQL connection
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
62
Spotngo is installed to Aradial Enforcer folder but the logs may be stored separately Set the path to the Logs folder
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
63
Set the path to the Aradial license provided The license should be issued for the MAC and IP shown on your screen
Start Installation you are now ready to proceed with the installation Select Nextgt to proceed with the installation or ltBack if you would like to make any changes
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
64
Upon successful installation you will see Spotngo Payment Module has been successfully installed Press Finish the exit the installation
Firewall Port Setting
Spotngo payment module uses by default port 443 for the SSL secured captive portal and admin interfaces In order to allow access to the Remote admin interface and for NAS Network Access Servers to be able to access and redirect clients to the centralized Captive Portals the port associated with the payment module has to be open in the Firewall
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
65
Please Note The port settings for the Spotngo Payment Module can be changed in the
Admin interface and should be changed accordingly in the firewall settings
In order to open the ports in your firewall please consult your firewall documentations for additional
instructions
The following is an example for firewall windows users to add a port exception
In the control panel select Network and Internet connections (in classic view select Windows
Firewall)
Select Windows firewall settings
In the tab menu select the Exceptions
Select Add port
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
66
In the Add Port enter the following settings o Name of the service can be any name which will help you identify the service running
on that port in our example we used ldquoSpotngo Payment Modulerdquo o Port number the port number set for the Payment module in our example we used
the default SSL port 443 o Protocol used for the Payment module TCP o Select OK to add the port
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
67
o Select OK again to exit the firewall exceptions settings
Changing Administrator credentials through the registry editor
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin interface in case of lost misplaced username password combination Accessing the Registry Editor
Click Star Menu
Select Run
Type Regedit
Click OK In the new registry editor window
Select HKEY_LOCAL_MACHINE
Select SOFTWARE
Select Aradial
Select PaymentModule
Select 10
Select Authentication You will see a window similar to the one in the following figure
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
68
In the parameter window of the Registry Editor
Right click on AdminLogin
Select Modify
In the new Edit String window enter the value for the username and select OK
Right Click on AdminPass
Select Modify
In the new Edit String window enter the value for the Password and select OK
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
69
The new username and password combination will take effect following a restart of the payment module service or a hardware restart
Adding an API User in Aradial
In order for the Payment module to integrate with the Aradial Radius Server an API User has to be created in Aradial In the Aradial Admin go to User Manager then click Add User
Set the User ID and password as you previously set in the Spotngo Payment module Aradial API Config
In Aradial the minimum requirements are
User ID same as set in the Payment Modulersquos Aradial API Config
Password Same as set in the Payment Modulersquos Aradial API Config
Group Name Can be any of the groups as long as the user does not expire during the length of the required integration
Admin Rights set to API
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
70
Please Note Only set the user to active if the API user will be used to for authentication When installing on the same server it is recommended not to set the user as active
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
71
Securing Spotngo Payment Module
Securing Spotngo Captive Portal and Admin Interface
To ensure the security of your data clientrsquos contact information credit cards information and the admin interface the module is designed to be deployed over secure SSL interface
By default the Payment module is shipped with a certificate issued by Spotngoca for the purpose of the initial integration and implementation It is up to the provider to purchase their SSL Certificate from a recognized CA Certification Authority prior deployment
In order to purchase an SSL certificate you will need two files created uniquely for your server the SSLkey and Certcsr
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the creation of the SSLkey and Certcsr the type of certificate used is PEM
The following two commands will be executed in Command window from within the opensslout32dll directory
Generating the private SSLKey
Using the openSSL library from within the opensslout32dll directory issue the follow command
openssl genrsa -out sslkey 2048 You unique private key will be saved as sslkey in the opensslout32dll directory
Generating the certificate request
Once the SSLkey is created we can proceed to generate the certificate request Certcsr From within the opensslout32dll directory issue the following command
openssl req -new -config appsopensslcnf -key sslkey -out certcsr Once the above command is executed you will be requested to enter the company and server information this information will be used to further verify the validity of your certificate Please Note Pay special attention to the Common Name CN when entering the information
The common is the URL of the server verification For example for deployments as httpsServer-IPPayment use the server IP for the Common Name For deployment through httpsportaldomaincom use portaldomaincom as your Common name
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
72
Please Note Keep your SSLkey private and confidential this is your unique random generated key for the encryption and decryption Keep it in a safe place as you will not be able to recreate it and you will be required to install it in your server
The certcsr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing request
Purchasing the SSL Certificate from a Certification Authority
CA
Once you have generated the SSLkey and certcsr you can proceed to purchase a certificate from a Certification Authority Different Certification Authorities offer various products warranties and services chose the one most suitable for your application and requirements
Once you selected the Certificate Authority you would like to use go to their website and fill their application form for the SSL certificate
The following is an example using the LiteSSL CA We have chosen this CA as they offer 30 days trial certificate which works great for our example here Additional information on LiteSSL can be found at httplitesslcom
Example of purchasing SSL certificate from a LiteSSL CA
1 Go to wwwlitesslcom
2 Click on the Lite SSL Trial 30 dayrsquos free icon 3 You will be redirected to the screen requiring you to enter your certificate request certcsr 4 Open you certcsr file created earlier in notepad copy its content and paste it in the box for the
certificate request 5 As the web server used by Spotngo Payment Module is not listed select other for the web server 6 Select Next to continue
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
73
You will be prompt to verify the information in the Certcsr file Please Note pay extra attention to the WebsiteServer Name as it should match the Common
Name entered earlier and must match the service you are purchasing the SSL for identically
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
74
In Our example we have deployed the server over our local network and use the server ip address for accessing the Payment Module therefore our common name would be the server IP address In most cases it would be the service providerrsquos sub domain and domain address used for the Spotngo Payment module service such as securedomaincom or the Service Providerrsquos public IP address if a domain is not used
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
75
Warning If you have made a mistake in any of the above steps make sure to start over and enter the correct information once a certificate is issued it cannot be altered or corrected and you will have to contact the CA to generate a new one Many Certificate Authorities offer 30 days guarantee should you require a new certificate
Once finished with the registration you will receive an account to further manage your certificates in the future and an order reference number
Shortly after you will receive an email confirmation and your new certificates
In our Example the Certificates arrived within 5 minutes in a zipped folder via email Once you have your new certificates you will proceed to add them in the Spotngo Payment Modulersquos Admin
1 Backup your existing demo SSLkey located in the Aradial folder 2 Back up your payment module files (located at AradialHTSPayment Module) 3 Copy your newly created private sslkey generated previously with the openssl to the Aradial
directory 4 Copy you newly created certificates to the Aradial Directory (if they arrived in a zipped
folder extract them first) 5 Log In to your Spotngo Payment module to reference the module to the newly created SSL
certs 6 In the Spotngo Payment Module go to
o Advance configuration o Http Server o At the Primary Certificate file box enter the location and file name of the certificate
file from the CA in our example the file name is 192_168_8_108crt therefore the value entered is CProgram FilesAradial192_168_8_108crt
o At the Primary Key File Box enter the location and file name of the certificate private key in our example we saved the file as ssl2key therefore the location will be CProgram FilesAradialssl2key
o At the SSL CA Certificate file you enter the CA certificate file if they require one in our example LiteSSLCAcrt the location and file name would be CProgram FilesAradialLiteSSLCAcrt
See screen shoot
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
76
Warning Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment Module will not start
For the new setting to take effect restart the Spotngo Payment Module service
Trouble shooting Spotngo Payment Module failure to start due
to incorrect SSL certificatesrsquo setting
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting you can always use the Registry Editor to verify or change the file names and path for the SSL settings
Example using the registry editor to verify the SSL certificates files and location
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
77
1 Click Start menu 2 Select Run 3 Type Regedit 4 Click OK
I the new Registry Editor window 5 Select HKEY_LOCAL_MACHINE 6 Select SOFTWARE 7 Select Aradial 8 Select PaymentModule 9 Select 10 10 The files are referenced in two location HTTP Server and SSL 11 Verify the files are referenced correctly including the file names locations and extensions 12 Verify the files exist in the location specified
See Screen shot bellow for the registry editorsrsquo HTTP Server settings for the SSL certificate files
Please Note Any setting changes will only take affect after a service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
78
Restarting the Spotngo Payment Module Service through
Windows Services
Certain changes in the Spotngo Payment module only will take effect after a restart of the Spotngo Payment service Instead of rebooting the server after every change we can restart the service through Windows Services Opening Windows Services action window
1 Go to Start Menu 2 Select Control Panel 3 The following steps depend whether you are in Category view or Classic View
In Category View a Select Performance and Maintenance b Select Administrative Tools c Select Services
In Classic View
a Select Administrative Tools b Select Services
In Services
a Select Aradial Spotngo Payment b Click restart
Setting the API Username and Password
The API User name and password are used for the integration with Aradial The API integration allows the Spotngo Payment Module to add or update client information based on the purchased plan Note a mismatch between the API Username and Password and the corresponding API Username and Password in Aradial will prevent the application from exchanging data with Aradial In the Spotngo Payment Module Admin interface
1 Select Advanced Configuration 2 Select Aradial API
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart
79
The Aradial API Configuration consists of the following 5 parameters Aradial API URL type (Plain) http if the Aradial Admin interface is located at non secured interface accessed through http location By default Aradial comes set to (plain) http and will be changed to (secure) https once the service provider deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in Captive Portal interface Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface (Secure) https if the Aradial Admin interface is located at an SSL secured interface accessed through https These Parameters are based on your deployment of the Aradial Radius server Aradial API URL Location The relative location of the Aradial admin interface By default for installation on the same server the Address would be localhostardWebARDAdminIsdll API User ID Any user id for the interaction between the Aradial API interface and the Spotngo Payment Module as long as the user exist in Aradial with API permissions (Default APIUser) Password Can be any password as long as it matches the one defined for the API user in Aradial (Default password)
80
Request Method In Most deployments the Parameter should be set to post as in most deployments the Spotngo will be posting the user information to the Aradial
Please Note These Changes will take effect following the payment module service restart