Professional Documents
Culture Documents
This document contains proprietary and confidential information of Spotngo and shall not be reproduced or transferred to
other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior
written consent of Spotngo. It shall be returned to the Spotngo upon request.
The trademark and service marks of Spotngo wireless, including the Spotngo logo, are the exclusive property of Spotngo,
and may not be used without permission.
All other marks mentioned in this material are the property of their respective owners.
http://www.spotngo.ca
3H
Document Information
Software Version: 2.0
Document Version: 1.0
Publication Date: March 2006
Contact information:
Contents
Introduction................................................................................................................................................................4
About Spotngo Payment Module............................................................................................................................4
Features.....................................................................................................................................................................6
Live Demo:...............................................................................................................................................................8
Enhanced Captive Portal .......................................................................................................................................10
Captive Portal Composition ..................................................................................................................................10
End user service purchase......................................................................................................................................13
Credit Card Signup: ..........................................................................................................................................14
Credit Card Refill:.............................................................................................................................................18
Buy Pin Card:....................................................................................................................................................22
Pin Card Registration:.......................................................................................................................................28
Refill Account:..................................................................................................................................................30
Web Interfaces. ......................................................................................................................................................32
Captive Portal....................................................................................................................................................33
Web GUI Administration.......................................................................................................................................33
Changing Administrator Login Credentials - Username and password..............................................................34
Changing Administrator Login Credentials through the WebGUI. ...............................................................34
Setting the API Username and Password .............................................................................................................36
User’s Group assignment in Aradial.....................................................................................................................45
Appendix A - Installation instructions .................................................................................................................48
General ...................................................................................................................................................................48
Port setting – Firewall Port Setting. ......................................................................................................................48
Example: Windows firewall users can add a port exception as follows: .......................................................49
Changing the Administrator Credentials through the Registry Editor. ..........................................................53
Adding an API User in Aradial........................................................................................................................55
Securing Spotngo Payment Module Captive Portal and Admin Interface..........................................................55
Generating the private SSL.key. ......................................................................................................................56
Generating the certificate request:....................................................................................................................56
Purchasing the SSL Certificate from a Certification Authority, CA..............................................................57
Trouble shooting Spotngo Payment Module failure to start due to incorrect SSL certificates’ setting. ......64
Restarting the Spotngo Payment Module Service through Windows Services..................................................66
Setting the API Username and Password .............................................................................................................67
Introduction
Spotngo Payment modules include prepaid solutions for Scratch Cards and Online Credit Cards
transactions through supported merchant processing for Hotspots, HotZones, ISP, WISP and VOIP
deployments.
Spotngo Payment Module integrated with the Aradial Radius server will provide a powerful, yet easy
to deploy and manage solution for prepaid Internet access and VOIP services through enhanced
captive portal interface. The solution is scaleable to support the service provider growing needs.
Spotngo offers versions of the module to sale, control and manage user’s Internet access for Client’s
self signup via prepaid scratch cards and online credit card transactions for Hotspots, HotZones,
WISP and VOIP deployments.
The module is fully customizable to support the ISP’s image and branding as well as location based
branding and advertising. The module further supports Affiliates branding, price groups and
reporting.
Our design team went in to great efforts to simplify the deployment and maintenance of the solution
thereby enabling efficient deployment with minimal technical skills requirements. The solution
provides the tools and scalability to suite both start up and large service providers through their
existing technical team and infrastructure.
Features
• Online real time credit card purchases for account creation, user signup and refill
Supported Credit card merchant accounts include:
o Authorize.net
o Verisign
o PSIGate
o Quickpay
o Tranzilla
o Payment Planet
o Others through customization.
• View / Queries payment history.
• Plan/Tariff management (time, traffic and expiration). Creating a tariff.
• User self care for sign up, activation and refill of prepaid account trough prepaid pin or scratch cards
• Prepaid Card ID and pin generation
Supporting:
o 0..9
o 0..9 and A..Z
o 0..9, A..Z and a..z
• Pin Generation and management using plans
• View / Queries of previously generated pins
• Views /Queries of card’s status
• Printing and exporting of generated cards to CSV files
• Easy creation of prepaid plans
Including:
o Auto Expiry – Time and date expiration
o Time bank – Net usage
o Data bank – Traffic
o Combination of the above.
• Simple Secured Web GUI administration interface for local and remote management through SSL
secured Web GUI technology.
• Enhanced, fully customizable Captive Portal supporting location’s, affiliates branding and price groups
including multi portal support.
• Currency prefix and postfix.
• Supporting fee and free based service.
• Online and email receipts generation.
• Support for Tax rate.
• Simple integrations with Aradial Radius Server.
• The user information is integrated in the radius database allowing for full control through single
database.
• Great ROI due to affordable market entry and deployment requirements.
• Flexible Network deployments supporting a wide range of access controllers and mixed networks
Live Demo:
Spotngo live demo can be viewed and accessed via a web browser.
https://secure.spotngo.com:8015/Payment?CIP=100&cport=100
https://secure.spotngo.com:8015/Payment?Portal=example&CIP=100&cport=100
Screenshot 2 - Captive portal's Location Branding 1 Screenshot 3 - captive portal's location branding 2
https://secure.spotngo.com:8015/Payment?page=mainadmin
Username: admin
Password: password
The Captive Portal is fully customizable to support the service provider’s branding as well as per location and
affiliates branding. The included sample portal is composed of four parts:
1. The banner
2. Menu
3. Main Text and links
4. Client Login
5. Bottom frame
Each part can be further customized per location, affiliate, service provider branding and access controller
deployed.
The Portal application will only display the username and password fields when being redirected by supported
access controllers, Supported Access controllers include: Chillispot, Colubris, DD-WRT, Ikarus, Mikrotik,
Monowall, Nomadix, PfSense, Planet, Value Point, Zyxel, and others. Additional access controllers’ support
can be added to suite the deployment requirements.
Service providers wishing to offer plan purchases through their website, the entire portal or portions of it can be
called to process the purchase through online credit card and or prepaid cards activation and refill. This will
eliminate the need of additional Ecommerce application and would insure direct user provisioning in the service
provider’s radius server.
Banner:
The banner is a jpg file contained in the Images subdirectory of the Payment portal, which can be replaced with
the service providers’ banner to act as the portal’s default banner. When creating subdirectories for per venue,
affiliates the banner can be deployed using the default service provider’s banner or per venue, affiliate
customized banner.
Page 8 Copyrights ©2006 Spotngo http://www.spotngo.ca
Spotngo Payment Module Manual – V2.0
Menu:
The menu contains the different options available to the clients and menu items can easily be removed or added
to suite the service provider’s requirements.
Inner Frame:
The Inner Frame can contain contains any service providers statements, information, venue specific
information, details, links, logos, advertising etc. The inner frame also calls the script identifying the access
controller used and presents the client with the appropriate Username / Password fields to enable network
access. A wide range of access controllers are supported and additional models can be added to suite hardware
deployment.
Login Frame:
The Username and Password fields are served by a script identifying the Access controller calling the portal.
The script identifies the access controller used and will present the corresponding access controller specific
parameters required for processing the client login.
Bottom Frame:
The frame by default includes the images gifs of supported payment methods, these payment methods depends
on the service provides merchant account agreement and service. As well this is a perfect location to include
the logos of any roaming partners supported by the network as well as any other associations.
The customer credit card sign up allows for a one time account creation using either random generated
username and password or customer defined username and password.
The process is composed of four steps:
• Service Plan selection
• Client Information
• Credit Card Details
• Confirmation and Receipt
Upon completion of the sign up process, the user can now login with their new account.
Bellow is example of the four step signup procedure as experienced by the client:
Service Plans:
Service plans available to the
clients are based on global
service plans and location
specific service plans as
defined by the Service
Provider
Client Information:
Client information requested
and displayed can be modified
based on the service provider’s
requirements through
manipulation of the HTS files.
Required information is in
Bold and fields can be set as
required or optional in the
Admin portal.
Note: The term and conditions page should be set in the Access controller white list for allowed access pre-
authentication.
Upon completion of the sign up process, the user can now login with their new account.
Bellow is example of the four step signup procedure as experienced by the client:
Service Plans:
Service plans available to the
clients are based on global
service plans and location
specific service plans as defined
by the Service Provider
Account to be refilled:
Client’s existing account to be
refilled. The user account
information will be verified
against existing client account in
the Aradial Radius server.
Bellow is example of the four step signup procedure as experienced by the client:
Service Plans:
Service plans available to the
clients are based on global
service plans and location
specific service plans as
defined by the Service
Provider
Client Information:
Client information
requested and displayed can
be modified based on the
service provider’s
requirements through
manipulation of the HTS
files.
Required information is in
Bold and fields can be set as
required or optional in the
Admin portal.
Client information
requested and displayed can
be modified based on the
service provider’s
requirements through
manipulation of the HTS
files.
Required information is in
Bold and fields can be set as
required or optional through
the Admin portal.
Screenshot 18 - Account Signup
Confirmation Page:
This page confirms the
successful signup for the
new account using the
credit voucher purchased.
Pin Card Registration is designed to allow clients to self signup for service via prepaid scratch cards. These
scratch cards are a credit voucher for the predefined service plan the cards were issued under. The client will
then self signup and activate an account using the scratch card’s credit. The service provider can issue unlimited
number of cards and distribute then through local venues or at the hotspot locations.
The process is similar to the credit card sign up and can be seen in the example bellow:
Client information
requested and displayed can
be modified based on the
service provider’s
requirements through
manipulation of the HTS
files.
Required information is in
Bold and fields can be set as
required or optional through
the Admin portal.
Screenshot 19 - Scratch Card Registration
Confirmation Page:
This page confirms the
successful signup for the
new account using the Pin
Card Registration with a
prepaid Scratch Card.
Refill Account:
Refill Account is designed to allow subscribers to refill their account via a prepaid scratch card / credit voucher.
Existing account holders can continue to use their original self created account or service provider’s issued
account through the prepaid card / credit voucher refill. The credit will be added to their account balance in
form of net time / metering (time bank), Auto expiry or data bank according to the purchased credit voucher
and original account.
The pin card ID and Pin can be distributed through the service provider’s traditional sales channels such as
electronic or physical media, trial vouchers available distributed through local vendors, online and hotspot
locations.
Spotngo Payment Module Manual – V2.0
Refill Account:
This option will allow
existing users to extend
their existing service
through prepaid card /
credit voucher.
This Page can not be used
for new account signup.
The client will enter their
existing User ID, new card
ID and Pin from their
credit voucher.
Refill Account
Confirmation:
This page will confirm the
successful pin Application.
Web Interfaces.
The Spotngo Payment module consists of two web interfaces, the client Captive Portal interface and the
Service provider webGUI admin interface.
Captive Portal
For deployment on port other then 443 for SSL, specify the port number in the url such as:
https://localhost:port-number/Payment
Note: you will not see the username and password boxes as you are accessing the captive portal directly
and not through a NAS.
To see the Captive portal page as it is seen through a NAS, Network Access Server (Gateway), add the
NAS specific parameters in the URL as they are sent by the NAS during the redirection.
For Example:
Https://localhost/Payment?uamip=121&uamport=100
Or
https://localhost:port-number/Payment?Page=MainAdmin
Note: you should always change the default login access credentials prior deployment.
For ease of use, add the Captive Portal interface and the WebGUI interface to your web browser favorites or
create short cuts on your desktop.
To create short cuts on your desktop, drag and drop the website from the favorite list on to your desktop.
Note: For security, do not save the admin username and password on share computers.
The new username and password combination will take effect following a restart of the payment module
service or a hardware restart.
Note: a mismatch between the API Username and Password and the corresponding API Username and
Password in Aradial will prevent the application from exchanging data with Aradial.
(Plain) http://: if the Aradial Admin interface is located at non secured interface accessed through http://
location.
By default Aradial comes set to (plain) http:// and will be changed to (secure) https:// once the service provider
deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in
Captive Portal interface.
Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface.
(Secure) https://: if the Aradial Admin interface is located at an SSL secured interface accessed through https://
These Parameters are based on your deployment of the Aradial Radius server.
Aradial API URL Location: The relative location of the Aradial admin interface. By default for installation on
the same server the Address would be: localhost:8000/Admin
API User ID: Any user id for the interaction between the Aradial API interface and the Spotngo Payment
Module as long as the user exist in Aradial with API permissions. (Default: APIUser)
Password: Can be any password as long as it matches the one defined for the API user in Aradial. (Default:
password)
Request Method: In Most deployments the Parameter should be set to post as in most deployments the
Spotngo will be posting the user information to the Aradial.
Note: These Changes will take effect following the payment module service restart.
Auto Expire: (AutoExpire) – continuous use service plan. Clients will receive continuous access for the
duration set in the Expiration Time from client first login regardless of the client actual usage. The time units
are set in minutes.
For example: when Expiration Time is set to 120 minutes, the client will receive service for 120 continuous
minutes from client first login. Account activated at 1:05 PM by client first login will be valid through to 3:05
PM regardless of the amount of time the client utilized the service.
Metering: (In the Enforcement Type use: Meetering) – Net usage service plan. The client account will be
credited with time as set in the duration of the time bank. The unused balance will carry forward for future
access as long as the account is valid.
For Example: 120 Minutes time bank will allow the client to use the network for a net time amount of 120
minutes. If 15 minutes were used in a session, the client will have 105 minutes remaining on the account for
future sessions. This balance will remain for the duration of the account validity.
Auto Expiry – Metering Combination: The system supports combination of time bank and auto expiry. To
provide additional flexibility for plans such as 10 hours net usage during the next 30 days from account first
login.
For combination plan, set the enforcement type to AutoExpire with enabled time Bank and enter values for both
time bank and Expiration time.
In the Following example, the client will be allowed access for up to 10 hours during the 30 days following
their first login. The session time out sent to the access controller will be the smaller of the time bank or
Expiration time.
To select the groups the newly created users will be assigned to:
• Go to Advance Configuration
• Go to Aradial API - Groups
• Update the Group value one at a time (Note: Groups names are case sensitive and should be entered
exactly as provisioned in Aradial.)
• Restart the Spotngo Service for the changes to apply.
General
Spotngo Payment module is typically delivered as an email attachment SPNG Payment module v
X.X.exe_. The underscore at the end of the exe file extension is to prevent it from being blocked by the
various email software and servers. In order to run the program, rename the file without the underscore.
1. Upon running the module you will arrive at the welcome screen containing copyright warning,
select Next > to accept and proceed with the installation.
2. Choose Destination Location. To simplify the installation and configuration , we recommend
installing the application in the Aradial Default destination folder: C:\Program Files\Aradial
3. Start Installation, you are now ready to proceed with the installation. Select Next> to proceed with
the installation or <Back if you would like to make any changes.
4. Installation Complete, upon successful installation, you will see: Spotngo Payment Module has
been successfully installed. Press Finish the exit the installation.
5. Restart you server.
Note: The port settings for the Spotngo Payment Module can be changed in the Admin interface and
should be changed accordingly in the firewall settings.
To Open the ports in you firewall, please consult your firewall documentations for additional instructions.
Changing the Administrator credentials through the Registry editor allows gaining access back to the admin
interface in case of lost / misplaced username password combination.
Accessing the Registry Editor:
The new username and password combination will take effect following a restart of the payment module
service or a hardware restart.
Note: Only set the user to active if the API user will be used to for authentication. When installing on the same
server, it is recommended not to set the user as active.
In order to purchase an SSL certificate you will need two files created uniquely for your server, the SSL.key
and Cert.csr.
The Spotngo Payment module uses its own integrated web server supporting the openSSL technology for the
creation of the SSL.key and Cert.csr the type of certificate used is PEM.
The following two commands will be executed in Command window from within the openssl/out32dll
directory.
You unique, private key will be saved as ssl.key in the openssl/out32dll directory.
Once the SSL.key is created, we can proceed to generate the certificate request, Cert.csr.
From within the openssl/out32dll directory, issue the following command.
Once the above command is executed, you will be requested to enter the company and server information, this
information will be used to further verify the validity of your certificate.
Notes:
1. Pay special attention to the Common Name, CN when entering the information. The common is the
URL of the server verification. For example for deployments as https://Server-IP/Payment use the
server IP for the Common Name. For deployment through https://portal.domain.com , use
portal.domain.com as your Common name.
2. Keep your SSL.key private and confidential, this is your unique random generated key for the
encryption and decryption. Keep it in a safe place as you will not be able to recreate it and you will be
required to install it in your server.
The cert.csr can be opened with Notepad and its text content will be used for the SSL Certificate purchasing
request.
Once you have generated the SSL.key and cert.csr, you can proceed to purchase a certificate from a
Certification Authority. Different Certification Authorities offer various products, warrenties and services,
chose the one most suitable for your application and requirements.
Once you selected the Certificate Authority you would like to use, go to their website and fill their application
form for the SSL certificate.
The following is an example using the LiteSSL CA. We have chosen this CA as they offer 30 days trial
certificate which works great for our example here. Additional information on LiteSSL can be found at:
http://litessl.com
1. Go to: www.litessl.com
2. Click on the Lite SSL Trial 30 day’s free icon.
3. You will be redirected to the screen requiring you to enter your certificate request: cert.csr
4. Open you cert.csr file created earlier in notepad, copy its content and paste it in the box for the
certificate request.
5. As the web server used by Spotngo Payment Module is not listed, select other for the web server.
6. Select Next to continue.
Note: pay extra attention to the Website/Server Name as it should match the Common Name entered earlier
and must match the service you are purchasing the SSL for identically.
In most cases it would be the service provider’s sub domain and domain address used for the Spotngo Payment
module service such as secure.domain.com or the Service Provider’s public IP address, if a domain is not used.
Warning: If you have made a mistake in any of the above steps make sure to start over and enter the correct
information, once a certificate is issued, it can not be altered or corrected and you will have to contact the CA to
generate a new one. Many Certificate Authorities offer 30 days guarantee should you require a new certificate.
• Once finished with the registration, you will receive an account to further manage your certificates in
the future and an order reference number.
• Shortly after, you will receive an email confirmation and your new certificates.
• In our Example the Certificates arrived within 5 minutes in a zipped folder via email.
Once you have your new certificates you will proceed to add them in the Spotngo Payment Module’s Admin.
Warning: Make sure the files exist at the paths specified and referenced correctly or the Spotngo Payment
Module will not start.
For the new setting to take effect, restart the Spotngo Payment Module service.
Trouble shooting Spotngo Payment Module failure to start due to incorrect SSL
certificates’ setting.
In case of failure of the Spotngo Payment Module to start due to incorrect or missing SSL files and setting, you
can always use the Registry Editor to verify or change the file names and path for the SSL settings.
Example using the registry editor to verify the SSL certificates files and location:
See Screen shot bellow for the registry editors’ HTTP Server settings for the SSL certificate files.
Note: Any setting changes will only take affect after a service restart.
1. Go to Start Menu.
2. Select Control Panel
3. The following steps depend whether you are in Category view or Classic View.
In Category View:
a. Select: Performance and Maintenance.
b. Select: Administrative Tools
c. Select: Services
In Classic View:
b. Select: Administrative Tools
c. Select: Services
In Services:
a. Select Aradial Spotngo Payment
b. Click restart.
Note: a mismatch between the API Username and Password and the corresponding API Username and
Password in Aradial will prevent the application from exchanging data with Aradial.
(Plain) http://: if the Aradial Admin interface is located at non secured interface accessed through http://
location.
By default Aradial comes set to (plain) http:// and will be changed to (secure) https:// once the service provider
deploy the SSL certificate to the Spotngo Payment Module captive portal interface or the Aradial built in
Captive Portal interface.
Easiest way to identify the protocol type is by observing the URL used to access the Aradial Admin interface.
(Secure) https://: if the Aradial Admin interface is located at an SSL secured interface accessed through https://
These Parameters are based on your deployment of the Aradial Radius server.
Aradial API URL Location: The relative location of the Aradial admin interface. By default for installation on
the same server the Address would be: localhost:8000/Admin
API User ID: Any user id for the interaction between the Aradial API interface and the Spotngo Payment
Module as long as the user exist in Aradial with API permissions. (Default: APIUser)
Password: Can be any password as long as it matches the one defined for the API user in Aradial. (Default:
password)
Request Method: In Most deployments the Parameter should be set to post as in most deployments the
Spotngo will be posting the user information to the Aradial.
Note: These Changes will take effect following the payment module service restart.