09-26-2014 08:29 AM
Got most of the social login stuff configured but there's still something not working.
I initially set up (sponsored) Clearpass guest with subsequent mac caching and that works just fine. I then
- created a twitter app
- added a social login icon to my guest login page
- set up the mobility controller to whitelist api.twitter.com and twimg.com.
When I click on the twitter icon, I get directed to the twitter login page. I enter my twitter credentials, click login, and promptly get redirected back to the guest login page.
Silly question but what's supposed to happen after I enter my twitter credentials?
Looking in ClearPass Policy Manager Access tracker, I can't see any auth request hitting the "Social Login service" I created.
Looking in ClearPass Guest logging doesn't show anything either.
Two things spring to mind
1). I typed the password in incorrectly - but I don't think so
2). I haven't whitelisted everything I need to.
I'm assuming that after I submit a valid set of twitter credentials somehow I should hit a clearpass service where I can set up roles and access accept stuff. Is this correct? Or should I be redirected back to the guest login page I created and I have to do "something else"?
09-26-2014 08:51 AM
Do you have DNS lookups enabled and DNS servers defined on all of your controllers?
Also, for testing, can you allow all of twitter.com? (*.twitter.com)
09-29-2014 08:35 AM
I have to say, I *think* we have DNS servers enabled. As for DNS lookups enabled, where might we find that config option?
As for *.twitter, Yup that should be no problem
09-30-2014 06:39 AM
OK, went round our controllers and, although we had ip domain lookup enabled, we didn't have any DNS name servers configured. Added them to each controller and checked that they each could return valid IP addresses; yup, that worked. Tried the portal login and nope, still didn't work.
Added name *.twitter.com to my netdestination twitter config block and everything sprang into life. Access to outside world and clearpass shows the correct service being used with the right username.
So, guess I now need to restrict access to bits of the twitter domain during the login process. Any idea how to narrow it down?
09-30-2014 10:28 AM
you should only need the following
10-01-2014 02:58 AM
Yup that's what I looked at. Tried removing *.twitter.com and although I get to the twitter login page, I don't get any further. This was through the "cut down" browser window you get on OS X when it thinks you are connected to a captive portal. Reinserting *.twitter.com and things "just worked"
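Added example, not part of any post in this thread: one way to work out which hostnames the `*.twitter.com` entry is actually covering, so the wildcard in the pre-auth whitelist can later be replaced by explicit names. The function names, the observed hostnames and the matching rule (`*.x` matches subdomains only, any other entry matches exactly) are assumptions made for the example, not documented controller behaviour.

```python
# Constructed controller config excerpt; the entries are the ones named in the thread.
CONFIG = """\
netdestination twitter
  name api.twitter.com
  name twimg.com
  name *.twitter.com
!
"""

# Constructed hostnames from one login attempt (e.g. a DNS log); placeholders, not real Twitter data.
OBSERVED = ["api.twitter.com", "twitter.com", "auth-step.twitter.com",
            "static.twimg.com", "API.twitter.com."]

def parse_netdestination(config, alias):
    """Return the 'name' entries of one netdestination block."""
    names, inside = [], False
    for line in config.splitlines():
        stripped = line.strip()
        if stripped.startswith("netdestination "):
            inside = stripped.split()[1] == alias
        elif stripped == "!":
            inside = False
        elif inside and stripped.startswith("name "):
            names.append(stripped.split(None, 1)[1].lower())
    return names

def matches(entry, host):
    """Assumed semantics: '*.x' covers subdomains of x only; anything else is exact."""
    if entry.startswith("*."):
        return host.endswith(entry[1:])
    return host == entry

def audit(names, observed):
    """Classify each observed host as explicit, wildcard_only or blocked."""
    report = {"explicit": [], "wildcard_only": [], "blocked": []}
    for host in sorted({h.lower().rstrip(".") for h in observed}):
        hits = [n for n in names if matches(n, host)]
        if not hits:
            kind = "blocked"
        elif any(not n.startswith("*.") for n in hits):
            kind = "explicit"
        else:
            kind = "wildcard_only"
        report[kind].append(host)
    return report

if __name__ == "__main__":
    for kind, hosts in audit(parse_netdestination(CONFIG, "twitter"), OBSERVED).items():
        print(f"{kind}: {', '.join(hosts) or '-'}")
```

Hosts reported as `wildcard_only` are the candidates for explicit `name` entries; once that list is empty for a full login, the wildcard can be removed and the login retested.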