Bug 511307

Summary: Support for WISPr hotspot authentication
Product: [Plasma] plasmashell
Reporter: Malte S. Stretz <mss>
Component: Networking in general
Assignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED INTENTIONAL
Severity: wishlist
CC: kdedev, nate
Priority: NOR
Version First Reported In: 6.5.0
Target Milestone: 1.0
Platform: Neon
OS: Linux

Description Malte S. Stretz 2025-10-29 09:44:16 UTC
SUMMARY

While I was debugging some guest wifi issues which didn't let me log in, I discovered that a protocol called WISPr exists which allows Windows clients to skip those pesky Captive Portal screens and pop up an "authentication required" system dialog.

It is documented here https://learn.microsoft.com/en-us/windows-hardware/drivers/mobilebroadband/wispr-authentication

It didn't work for the network I am connected to even though the page which intercepted the network check contained the required XML (copied below).

STEPS TO REPRODUCE
1. Find a public wifi which supports WISPr
2. Try to connect

OBSERVED RESULT

Plasma NM will discover that authentication is required and open up the default browser with the captive portal.

EXPECTED RESULT

A system dialog should have popped up which asks me for the credentials (with an option to open the captive portal in the browser).

SOFTWARE/OS VERSIONS
Operating System: KDE neon User Edition
KDE Plasma Version: 6.5.0
KDE Frameworks Version: 6.19.0
Qt Version: 6.9.2
Kernel Version: 6.14.0-33-generic (64-bit)
Graphics Platform: Wayland

ADDITIONAL INFORMATION

curl -v nossl.com
* Host nossl.com:80 was resolved.
* IPv6: 2606:4700:3032::6815:6021, 2606:4700:3033::ac43:ac3f
* IPv4: 172.67.172.63, 104.21.96.33
*   Trying 172.67.172.63:80...
* Connected to nossl.com (172.67.172.63) port 80
> GET / HTTP/1.1
> Host: nossl.com
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 307 Temporary Redirect
< Server: hsdredirectsrvr/1.0
< Date: Wed, 29 Oct 2025 09:15:11 GMT
< Content-Type: text/html; charset=iso-8859-1
< Connection: close
< Location: https://hotspot.kuehne-nagel.com/guest/guestaccesskn_login_3_login.php?hs_server=nac.int.kn&Qv=it_qpmjdz=Dmfbsqbtt.HvftuBddfttLO.DbqQpsu@bbb_qpmjdz=fnfb.BBB.DmfbsQbtt@dmjfou_njou=574:32:31@dmjfou_nbd=55.96.11.41.37.47@ttje=HvftuBddfttLO@bq_nbd=C9.61.12.B7.F4.11
< 
<html>
<title>Login Page</title>
<body> This page will be automatically redirected to <a href="https://hotspot.kuehne-nagel.com/guest/guestaccesskn_login_3_login.php?hs_server=nac.int.kn&Qv=it_qpmjdz=Dmfbsqbtt.HvftuBddfttLO.DbqQpsu@bbb_qpmjdz=fnfb.BBB.DmfbsQbtt@dmjfou_njou=574:32:31@dmjfou_nbd=55.96.11.41.37.47@ttje=HvftuBddfttLO@bq_nbd=C9.61.12.B7.F4.11"> Page</a>
</body>
</html>
<!--<?xml version="1.0" encoding="UTF-8"?>
<WISPAccessGatewayParam xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.acmewisp.com/WISPAccessGatewayParam.xsd">
    <Redirect>
       <AccessProcedure>1.0</AccessProcedure>
       <AccessLocation>HafenCity</AccessLocation>
       <LocationName>HafenCity</LocationName>
       <LoginURL><![CDATA[https://nac.int.kn:444/cgi-bin/hslogin.cgi/?hs_server=nac.int.kn&Qv=it_qpmjdz=Dmfbsqbtt.HvftuBddfttLO.DbqQpsu@bbb_qpmjdz=fnfb.BBB.DmfbsQbtt@dmjfou_njou=574:32:31@dmjfou_nbd=55.96.11.41.37.47@ttje=HvftuBddfttLO@bq_nbd=C9.61.12.B7.F4.11&Client_type=wispr]]></LoginURL>
       <MessageType>100</MessageType>
       <ResponseCode>0</ResponseCode>
    </Redirect>
</WISPAccessGatewayParam>-->
* Closing connection
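
The following Python is an added example, not part of the report and not Plasma code: it pulls a WISPr block like the one above out of a captive-portal response body and lists reasons a client should not send credentials to the advertised LoginURL. The sample body, the host portal.example and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the capture above; portal.example is a placeholder.
SAMPLE_BODY = """<html><title>Login Page</title><body>redirecting</body></html>
<!--<?xml version="1.0" encoding="UTF-8"?>
<WISPAccessGatewayParam>
  <Redirect>
    <AccessProcedure>1.0</AccessProcedure>
    <LocationName>HafenCity</LocationName>
    <LoginURL><![CDATA[https://portal.example:444/login?sid=abc&Client_type=wispr]]></LoginURL>
    <MessageType>100</MessageType>
    <ResponseCode>0</ResponseCode>
  </Redirect>
</WISPAccessGatewayParam>-->
"""

# The XML sits inside an HTML comment, so it is located by its root element.
WISPR_RE = re.compile(r"<WISPAccessGatewayParam\b.*?</WISPAccessGatewayParam>", re.S)

def parse_wispr_redirect(body):
    """Return the <Redirect> fields as a dict, or None if there is no usable block."""
    m = WISPR_RE.search(body)
    if m is None:
        return None
    # The portal is untrusted input: refuse DTDs and entity declarations outright.
    if "<!DOCTYPE" in m.group(0) or "<!ENTITY" in m.group(0):
        return None
    try:
        root = ET.fromstring(m.group(0))
    except ET.ParseError:
        return None
    redirect = root.find("Redirect")
    if redirect is None:
        return None
    return {child.tag: (child.text or "").strip() for child in redirect}

def login_url_problems(fields):
    """List reasons not to POST credentials to the advertised LoginURL."""
    problems = []
    url = urlsplit(fields.get("LoginURL", ""))
    if url.scheme != "https":
        problems.append("LoginURL is not https")
    if not url.hostname:
        problems.append("LoginURL has no host")
    # 100 / 0 are the MessageType and ResponseCode seen in the captured redirect.
    if fields.get("MessageType") != "100" or fields.get("ResponseCode") != "0":
        problems.append("MessageType/ResponseCode differ from the captured redirect")
    return problems
```
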
Comment 1 Nate Graham 2025-10-29 20:02:23 UTC
> A system dialog should have popped up which asks me for the credentials
Which credentials? Your login credentials? Those aren't currently required to connect a guest-style Wi-Fi network with a captive portal. And what if you're not an admin user?
Comment 2 Malte S. Stretz 2025-10-29 20:13:31 UTC
(In reply to Nate Graham from comment #1)
> > A system dialog should have popped up which asks me for the credentials
>
> Which credentials? Your login credentials? Those aren't currently required
> to connect a guest-style Wi-Fi network with a captive portal. And what if
> you're not an admin user?

Good question. This feature is for guest wifis for which you have to enter credentials on the Captive Portal to "unlock" the wifi. In this case you have to request temporary guest credentials (a username/password combination) from an employee. I've seen other cases at coffee shops where you have to ask the staff for these credentials.

You don't need admin credentials because according to my understanding it is a protocol which allows the OS to show a system dialog to POST the credentials to some HTTP endpoint provided by the captive portal.

I tried to dig up the spec, unfortunately it looks like it was depublished (cf. https://en.wikipedia.org/wiki/WISPr) but according to https://wballiance.com/glossary/#anchor-w it should have been in the Public Domain so it must be available somewhere.
Comment 3 Malte S. Stretz 2025-10-29 20:27:56 UTC
I found a copy of the v1.0 spec here http://www.ebusinessforum.gr/engine/index.php?op=modload&modname=Downloads&action=downloadsviewfile&ctn=500&language=el -- I don't want to attach it here though since I am not 100% sure if that's legal. The protocol is explained in Annex D.  

I didn't find the 2.0 spec but some explanation of the flow here https://coova.github.io/development/2010/08/09/coovachilli-wispr-2-0.html and some ancient client code here https://github.com/gjedeer/androidwisprclient (Java, GPL) and here https://github.com/wichert/wispr (Python, weird license which might be ZPL).
Comment 4 Nate Graham 2025-10-30 16:20:44 UTC
Unfortunately if the protocol isn't open, it isn't super practical for us to implement it.