Security

Reply
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Clearpass 6.4 and Social Logins (Twitter)

Got most of the social login stuff configured but there's still something not working.

 

 

I initially set up (sponsored) Clearpass guest with subsequent mac caching and that works just fine. I then

 

  1. created a twitter app 
  2. added a social login icon to my guest login page
  3. set up the mobility controller to whitelist  api.twitter.com and twimg.com.

 

When I click on the twitter icon, I get directed to the twitter login page. I enter my twitter credentials click login and promptly get redirected back to the guest login page.

 

Silly question but what's supposed to happen after I enter my twitter credentials?

 

Looking in ClearPass Policy Manager Access tracker, I can't see any auth request hitting the "Social Login service" I created.

 

Looking in ClearPass Guest logging doesn't show anything either.

 

Two things spring to mind

 

1). I typed the password in incorrectly - but I don't think so

2). I haven't whitelisted everything I need to.

 

I'm assuming that after I submit a valid set of twitter credentials somehow I should hit a clearpass service where I can set up roles and access accept stuff. Is this correct? Or should I be redirected back to the guest login page i created and I have to do "something else"?

 

Rgds

Alex

 

 

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Clearpass 6.4 and Social Logins (Twitter)

Do you have DNS lookups enabled and DNS servers defined on all of your controllers?

 

Also, for testing, can you allow all of twitter.com? (*.twitter.com)


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: Clearpass 6.4 and Social Logins (Twitter)

I have to say, I *think* we have DNS servers enabled. As for DNS lookups enabled, where ,might we find that config option?

As for *.twitter, Yup that should be no problem

Rgds

A

 

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Clearpass 6.4 and Social Logins (Twitter)

show running-config | include "ip domain lookup"

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: Clearpass 6.4 and Social Logins (Twitter)

o.k went round our controllers and although we had ip domain lookup enabled we didn't have any DNS name servers configured. Added them to each controller and checked that they each could return valid ip addresses, yup that worked. Tried the portal login and nope still didn't work.

 

Added name *.twitter.com to my netdestination twitter config block and everything sprang into life. Access to outside world and clearpass shows the correct service being used with the right username.

 

So, guess i now need to restrict access to bits of the twtter domain during the login process. Any idea how to narrow it down?

 

Rgds

Alex

 

Aruba
Posts: 1,526
Registered: ‎06-12-2012

Re: Clearpass 6.4 and Social Logins (Twitter)

you should only need the following

 

api.twitter.com

twimg.com

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,526
Registered: ‎06-12-2012

Re: Clearpass 6.4 and Social Logins (Twitter)

socialmedia15.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I
Posts: 289
Registered: ‎02-07-2013

Re: Clearpass 6.4 and Social Logins (Twitter)

Hi,

Yup that's what I looked at. Tried removing *.twitter.com and although I get to the twitter login page, I don't get any further. This was through the "cut down" browser window you get on OS X when it thinks you are connected to a captive portal. Reinserting *.twitter.com and things "just worked"

Rgds

Alex

 

Occasional Contributor I
Posts: 8
Registered: ‎08-08-2011

Re: Clearpass 6.4 and Social Logins (Twitter)

Do you happen to know the urls to whitelist for Instagram?

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Clearpass 6.4 and Social Logins (Twitter)

I believe Instagram only requires www.instagram.com
<>

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: