Reply

How to disable SSO login?

nanorobocop
Tutor

How to disable SSO login?

Hi here!

 

I'm happy owner of Netgear WAC124 access point. Firmware Version V1.0.4.4

When setup first time I've created netgear account and registered the product.

But on next logins it always redirect to sso.html page to login using mynetgear account.

I can't use my local login when I connected to Internet.

There seems no settings to disable SSO login. Or I can't find it?

If there's no such settings, I'd like to request it. I don't want to use SSO login and share my access time.

 

Same request for different model: https://community.netgear.com/t5/Smart-Plus-Click-Switches/GS108Tv3-cannot-use-local-login-with-inte...

 

Thanks

Model: WAC124|AC2000 Dual Band 4x4
Message 1 of 17
Pjpj
Tutor

Re: How to disable SSO login?

Same here. Eagerly waiting for a solution. 

Model: WAC124|AC2000 Dual Band 4x4
Message 2 of 17

Re: How to disable SSO login?

I also would like to disable the SSO stuff and use local administration.

 

Model: WAC124|AC2000 Dual Band 4x4
Message 3 of 17
dehart007
Initiate

Re: How to disable SSO login?

Yeap - definately need an option to login to the router locally without going out to internet for SSO.  It's my dam router that I bought and I should not be holden to a cloud account to login locally to my device.  YO NETGEAR, are your hearing us!!!  FIX IT!!!!!   If I knew this I would of purchased the other router I was looking at from ASUS that DOES ALLOW YOU TO LOGIN LOCALLY!!!!!!

 

 

Model: WAC124|AC2000 Dual Band 4x4
Message 4 of 17
nanorobocop
Tutor

Re: How to disable SSO login?

Hi, I contacted Netgear support about this topic.

 

This is the answer:

I am sorry but the SSO was intentionally designed for the WAC124 and there is nothing to fix about it.

 

What I also discovered about SSO page is that it exposes login information to 3rd party domains like gigya.com, googletagmanager.com, google-analyticss.com, doubleclick.net. Request to those domains includes your device serial number! You can check in browser dev tools about that.

 

Netgear support answered to that:

> These are to check if there is any system downtime internally in the background and some of them are for google analytics which they have configured to trace the logs of users. Google analytics is basically to track the number of users visiting accounts portal login screen, signup screen, 2FA screen, login settings screens. Apart from it, we don't track users personal information as per the Privacy Policy of NETGEAR

 

I'm not sure how this behaviour could comply with privacy policy.

But in any case I don't agree with that and decided to return my device and swtich to normal brand instead of using Netgear.

Message 5 of 17
Pjpj
Tutor

Re: How to disable SSO login?

Yeah. I waited too long to return mine so it went into the electronics waste disposal. If I can't have a local login and keep mine and my devices info private, I will just buy a different brand. Which I did. I think Netgear maybe miscalculated on this one. 

Message 6 of 17

Re: How to disable SSO login?

I think Netgear is going on my "not to buy brand" list - I have had lots of Netgear equipment over the years and was always happy with it but the last 3 devices have been an absolute nightmare. I had the WN3500RP wifi extender that always went via mywifiext.com for some sort of authentication and I managed to stop that by creating a local DNS override to point that domain to the local IP address. I bought the WAC124 to use as a simple access point to replace my WAC120 which I had to reset at least once a week as it would drop connections or start slowing down traffic so it was even slower then my legacy access points which I never have to touch. With this WAC124 I can not disable the SSO without DNS blacklisting the whole of netgear.com and even once you are logged in to the device it is riddled with bugs. - I can not see what devices are blocked or allowed in the MAC access list and when the access list the logs fill up with mac addresses which are not even physically attached to the device.

 

I wonder if https://openwrt.org/toh/netgear/netgear_wac124?s[]=wac124 may be an option but I have never used Open-WRT. I do have another netgear device with DD-WRT on it which is very reliable but unfortunately the WAC124 is not listed on their site

Model: WAC124|AC2000 Dual Band 4x4
Message 7 of 17

Re: How to disable SSO login?

 

Just as an update - I have applied OpenWRT to this access point now - installation was a  easy but I had to get in via the lan ports to set the password and then follow separate instructions to get the web interface going which was a little bit fiddly - It is now all up and running with the configuration I want and loads of extras that this access point could not do before. Hopefully it will be stable with it which will take a few weeks to find out. If not I already have a dlink access point on order which is slightly slower but I can live with that since my broadband is very slow any way.

 

 

Model: WAC124|AC2000 Dual Band 4x4
Message 8 of 17
nanorobocop
Tutor

Re: How to disable SSO login?

Thanks for update!

But I believe switching to openwrt firware - disables warranty, doesn't it?

Message 9 of 17
nanorobocop
Tutor

Re: How to disable SSO login?

Also, just curious, any other benefits you get from openwrt firware?

Message 10 of 17

Re: How to disable SSO login?

Yes I believe the warrenty is void but there are propably ways of getting the original firmware back on the device although I was not really too worried about that since the device is not that expensive in the first place.

 

 

Feature wise some of the stuff I wanted I could not get on the stock firmware are (but there are tons more):

- ssh access: I can now ssh into the device and use standard Unix/Linux commands to administrate it and fiddle with stuff that was not available before

- There are repositories for the openwrt stuff that give you access to additional tools like SNMP and advanced firewall features. I even saw Asterisk/Voip stuff in the repos. The SNMP access is useful for me since I can now use my Cacti setup (https://www.cacti.net/) to graph the utilisation of the device.

- You can have more SSID's for guest networks etc and you can customize all of them rather then the 3rd ssid on the stock firmware not giving you access to the LAN ports etc.

- The web gui of openwrt has live graphs to monitor traffic and you can tell from the device at what rates devices are connected to it.

 

You will loose the RedySHARE stuff that is build into it but the repos have standard samba server and FTP server stuff available for the device so you can propably configure something more advanced with that but I was not using that anyway and only use this device as a plain access point to extend my existing network. The only reason I got this device is the higher throughput rates then what my legacy netgear and cisco stuff offers.

 

 

 

 

 

Model: WAC124|AC2000 Dual Band 4x4
Message 11 of 17
schumaku
Guru

Re: How to disable SSO login?


@HubertusHaniel wrote:

I had the WN3500RP wifi extender that always went via mywifiext.com for some sort of authentication and I managed to stop that by creating a local DNS override to point that domain to the local IP address.


That's exactly what the extenders do when connecting a system to the extender (wireless or wired) and the user does call mywifiext.com (and .net fwiw) - except if some secured/encrypted DNS is used, in that case you end on Netgear's landing page instead on the extender login. You can connect to to any extender without any internet connection using these special domains.

Message 12 of 17
bizprotech
Aspirant

Re: How to disable SSO login?

I'm doing the same, no more NetGear purchases.  WHy would NetGear for Business think it's OK to create personal password secrets and force a login to manage their crap.  Ridiculous, this is not acceptable.

Model: WAC124|AC2000 Dual Band 4x4
Message 13 of 17
bizprotech
Aspirant

Re: How to disable SSO login?

NetGear msut not be paying attention to security.  The security breaches we are hearing about on the news involve hacks to centralized services like NetGear is pushing on people.  Way to weaken customer's network security NetGear.  :golfclap:

Message 14 of 17
schumaku
Guru

Re: How to disable SSO login?

This problem does only apply to the WAC124.

 

@YeZ can this unliked design replaced by a standard Netgear wireless AP version, too?

 

On the cloud manageable switches where such a similar feature briefly showed up in the second half of 2020, it's no longer required anymore, too.

Message 15 of 17
cybernawt
Aspirant

Re: How to disable SSO login?

I'll be trashing this POS nighthawk the first chance I get. And won't be buying netgear CRAP.  Your POS router keeps redirecting to your stupid ass website saying I "may not be connected to my WiFi" when I clearly am because I'm reading the F'n page over the internet.  This is ENRAGING.  I'm trying to get work done and I can't because I have to screw with this stupid ass, broke POS. All because you want to collect data on your users.  **bleep** YOU

Message 16 of 17
schumaku
Guru

Re: How to disable SSO login?


@cybernawt wrote:

I'll be trashing this POS nighthawk the first chance I get.


There is no word of Nighthawk routers neither in the Netgear business community, nor specifically in this thread. 

 


@cybernawt wrote:

Your POS router keeps redirecting to your stupid ass website saying I "may not be connected to my WiFi" when I clearly am because I'm reading the F'n page over the internet.  This is ENRAGING.  I'm trying to get work done and I can't because I have to screw with this stupid ass, broke POS. All because you want to collect data on your users.  **bleep** YOU


Save your energy - we're community members.

 

Most connection issues using these DNS names are really caused by wireless connections to other APs, for example an ISP router, or caused by using "secure" DNS (https/ssl based) what the device in the data path can't capture and inject the LAN IP reply.

 

On the subject WAC1xx here - when I have it right, this aplogin.com/.net does only work as long as the AP isn't set-up. Later, the special named don't work anymore.

Message 17 of 17
Top Contributors
Discussion stats
  • 16 replies
  • 2482 views
  • 10 kudos
  • 7 in conversation
Announcements