AAA, NAC, Guest Access & BYOD

How to Configure Facebook-WIFI, with Aruba controller and ClearPass 6.4 and above

Aruba Employee
Requirement:

Requirement: ClearPass 6.4 and above.

Environment: Aruba OS that supports(name/url based whitelist/netdestinations) and ClearPass.

Valid Facebook local business page with Admin access to it.

 



Solution:

When we have a Guest network and a Facebook Business page, we can have the clients redirected to the Business page, when they connect to Guest SSID and use their Facebook credentials to login and  do "check in" to get free WIFI.

 



Configuration:

 

ClearPass Guest configuration:

Navigate to Guest module, by going to http://<clearpass IP>/guest.

Go to Configuration >> Pages >> Web logins and click on Create a new web login page

 

Enter the page details, and configure as per your requirement, for example:

 

Add "{nwa_social_logins}" in the Footer HTML in the login page as shown below:

 

Select the provider as Facebook WIFI, under the Social Login configuration.

Note: Check the box "Automatically redirect the guest to this provider" in the Social Login configuration, if you want the client to go to the Facebook page directly, instead of the web login page.

 

Note: Please open a ticket with TAC with the below information to obtain Facebook-WIFI Client ID and Client Secret.

Account name:

Contact Name:

Contact email:

Organization Facebook page URL:

Note: The above contact person should be the Admin for the respective Facebook page.

 

Controller Configuration,

Configuration on the controller will be the same as any other Guest SSID (captive portal configuration) and map the above configured weblogin page, in this case it is <http://<clearpass IP>/guest/testingfb.php>

 

Please refer the below link for more details on Aruba Controller and ClearPass integration for guest authentication.

http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=10345

 

Additionally, we need to allow the access to below URL’s in the guest logon/initial Role. These URLs can be added under Stateful Firewall >> Destinations and mapped to teh guest logon/initial role.

Facebook.com

Graph.facebook.com

Akamaihd.net

*.facebook.com 

 

As shown below in the screenshot:

 

ClearPass Policy Manage Configuration:

We could use the Default the Guest Social login, service template from  Configuration >> Start here:

 

By default the service would have all the necessary configuration. However, if needed, we could make any changes to the service as per the requirement.

 

Once the complete configuration is done, we could navigate to the below URL:

https://www.facebook.com/wifiauth/config?gw_id=<client ID>

Note: Client ID is what we got from Aruba TAC Team, which we configured in Guest module.

 

Navigating to the URL, will take us to the page, where we can map the Facebook business page and we could also configure if the check in is required or how many hours internet access we should provide to the end user, as shown below:

 

Once the configuration is done, when the user connects to this Guest SSID and checks in to the Facebook business page, it will generate a string and provide it to ClearPass, with which it will update the Endpoint repository. The same will be the username, which will be posted by the client to the Controller, Controller will again, send it to ClearPass as a RADIUS request. Once authentication completes the client will be placed in the post authentication role.

 



Verification

Make sure you are the Admin to the FB business page and you have location configured to check in.

Make sure the client is able to reach the Facebook URL’s.

Can refer below URL for more info:

 

https://www.facebook.com/help/109150235937957.

 

Version history
Revision #:
2 of 2
Last update:
‎06-28-2016 04:38 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.