For disabling the CNA window, I advise using this method:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -boolean false
After this change, instead of being obliged to authenticate to get the wifi up, now I can deal with the WIPSr aware captive portal in my browser of choice.
As an interesting tidbit, Firefox seems to be WISPr aware, and displays a warning saying you have to login into the (captive) network.
Another immediate method to achieve disabling the CNA used to be renaming the cut down browser based in Webkit out of the way that is invoked by the WISPr protocol.
As in:
cd /System/Library/CoreServices
mv Captive\ Network\ Assistant.app mv Captive\ Network\ Assistant.app.old
However due to System Integrity Protection in more recent versions of Mac OS, and the steps involved to make it work, the plist modification is now the advised method.
This latter method has also the added disavantage of steps having to be performed to prevent a security update from restoring a copy of the aforementioned binary.