Security

Got most of the social login stuff configured but there's still something not working.

I initially set up (sponsored) Clearpass guest with subsequent mac caching and that works just fine. I then

1. created a twitter app 
2. added a social login icon to my guest login page
3. set up the mobility controller to whitelist  api.twitter.com and twimg.com.

When I click on the twitter icon, I get directed to the twitter login page. I enter my twitter credentials click login and promptly get redirected back to the guest login page.

Silly question but what's supposed to happen after I enter my twitter credentials?

Looking in ClearPass Policy Manager Access tracker, I can't see any auth request hitting the "Social Login service" I created.

Looking in ClearPass Guest logging doesn't show anything either.

Two things spring to mind

1). I typed the password in incorrectly - but I don't think so

2). I haven't whitelisted everything I need to.

I'm assuming that after I submit a valid set of twitter credentials somehow I should hit a clearpass service where I can set up roles and access accept stuff. Is this correct? Or should I be redirected back to the guest login page i created and I have to do "something else"?

Rgds

Alex

Do you have DNS lookups enabled and DNS servers defined on all of your controllers?

Also, for testing, can you allow all of twitter.com? (*.twitter.com)

I have to say, I *think* we have DNS servers enabled. As for DNS lookups enabled, where ,might we find that config option?

As for *.twitter, Yup that should be no problem

Rgds

A

show running-config | include "ip domain lookup"

o.k went round our controllers and although we had ip domain lookup enabled we didn't have any DNS name servers configured. Added them to each controller and checked that they each could return valid ip addresses, yup that worked. Tried the portal login and nope still didn't work.

Added name *.twitter.com to my netdestination twitter config block and everything sprang into life. Access to outside world and clearpass shows the correct service being used with the right username.

So, guess i now need to restrict access to bits of the twtter domain during the login process. Any idea how to narrow it down?

Rgds

Alex

you should only need the following

api.twitter.com

twimg.com

Hi,

Yup that's what I looked at. Tried removing *.twitter.com and although I get to the twitter login page, I don't get any further. This was through the "cut down" browser window you get on OS X when it thinks you are connected to a captive portal. Reinserting *.twitter.com and things "just worked"

Rgds

Alex

Do you happen to know the urls to whitelist for Instagram?