Prevent Captive Portal auto-close after authentication (Android)

This appears to be new Captive Portal behavior in Android devices since the release of Lollipop (5.0).

We have not yet discovered a workaround. If there is an explicit way to disable the auto-dismissal it is probably only documented in the Android codebase available here (I've been looking, but haven't found anything definitive yet):

https://android.googlesource.com/platform/frameworks/base

FYI, we've also noticed Android uses CloudFront CDN for its captive network detection. Our captive portal solution originally used CloudFront for assets, so we had to whitelist CloudFront subnets in pre-auth ACLs. Whitelisting CloudFront subsequently caused captive network detection to fail on recent Android devices. We had to abandon CloudFront CDN to restore captive portal functionality for Android devices.

We have managed to keep the UAM Browser / captive portal browser open on lollipop by adding firewall rules blocking :

• clients3.google.com
• clients1.google.com ,
• android.clients.google.com
• connectivitycheck.android.com
• connectivitycheck.gstatic.com

Thus after the user is authenticated the UAM / Captive Browser stays open.

You can keep UAM open as long as you need, you can close it by invoking a reverse proxied 204 redirect to google's connectivity page.