Nobody is asking companies to "give up control of their guest network". Technology evolves. This area is evolving.
Not sure I understand your comment. eduroam has been running in full production with heavy usage and high user satisfaction for over a decade+.
RE: Passpoint, sure, the technology has struggled in the past, but the past 2 years have seen exponential adoption.
Captive portals are wildly insecure and the mini browsers are not capable of supporting modern authentication.
------------------------------
Tim C
------------------------------
Original Message:
Sent: Oct 14, 2021 11:39 AM
From: James Andrewartha
Subject: Facebook support for embedded browser on Android
Tell them they're dreaming. How many years have they been trying to make passpoint happen? It's not going to happen. Eduroam just barely works thanks to common interest in a non-profit community, getting companies to give up control of their guest networks is a pipe dream.
I just wanted to let staff register their personal devices using Azure AD OIDC to save them entering their details manually, but apparently we can't have nice things.
Original Message:
Sent: 10/14/2021 11:28:00 AM
From: timms
Subject: RE: Facebook support for embedded browser on Android
Speaking solely from the industry perspective, the industry goal is to eliminate captive portals. Visitor access would come via federations leveraging Passpoint.
Original Message:
Sent: 10/14/2021 11:16:00 AM
From: cauliflower
Subject: RE: Facebook support for embedded browser on Android
Sorry - one extra question. Regarding Guest social media login options, will Aruba be able to offer an alternative method that will mean Guest social media login is still available (if in a different form)? Is there a method of achieving these logins that Aruba will offer in future releases that bypasses the current issues, or are we all entirely reliant on changes by device manufacturers?
It seems like there wouod be a demand for Guest social login in future
------------------------------
Guy Goodrick
Original Message:
Sent: Oct 14, 2021 09:52 AM
From: Tim C
Subject: Facebook support for embedded browser on Android
https://developers.googleblog.com/2021/06/upcoming-security-changes-to-googles-oauth-2.0-authorization-endpoint.html
Original Message:
Sent: 10/14/2021 9:28:00 AM
From: cauliflower
Subject: RE: Facebook support for embedded browser on Android
Sorry, one last question. You probably can't answer this, but just in case - do you have any sense of the kind of time-frame we are talking here for the big providers (is there a sense of urgency to this? I guess as it is a security issue there could be)?
------------------------------
Guy Goodrick
Original Message:
Sent: Oct 14, 2021 09:21 AM
From: Tim C
Subject: Facebook support for embedded browser on Android
Many will stop working in the captive portal mini-browser in the future.
I can't speak on behalf of any company, but I imagine this is a low priority use case to address.
------------------------------
Tim C
Original Message:
Sent: Oct 14, 2021 09:06 AM
From: Guy Goodrick
Subject: Facebook support for embedded browser on Android
Thank you Tim,
So (just so I understand the implications correctly) as far as the Guest social provider logins are concerned does this mean we can't rely on these working in future? At least on devices that use embedded/mini browsers?
Do you know if device manufacturers are looking at changing the behaviour? Or should we plan to move away from the social provider options that Guest offers? Obviously this has quite a lot of implications for our guest service.
------------------------------
Guy Goodrick
Original Message:
Sent: Oct 14, 2021 08:33 AM
From: Tim C
Subject: Facebook support for embedded browser on Android
Currently, the only options are to break out of the captive portal mini-browser or discontinue use of federated sign in on captive portals.
------------------------------
Tim C
Original Message:
Sent: Oct 14, 2021 08:28 AM
From: James Andrewartha
Subject: Facebook support for embedded browser on Android
So what does that mean in practice? Are there any alternatives?
Original Message:
Sent: 10/14/2021 7:41:00 AM
From: timms
Subject: RE: Facebook support for embedded browser on Android
You should assume that all OIDC-based federated sign-in will be blocked from WebViews in the future and start planning for it.
------------------------------
Tim C
Original Message:
Sent: Oct 14, 2021 06:24 AM
From: Guy Goodrick
Subject: Facebook support for embedded browser on Android
Hello,
4 x ClearPass boxes in cluster 6.9.7
AOS 8.7.1.5 (10 box cluster)
We are implementing Guest with social login as the only option (Facebook, Twitter, LinkedIn, Amazon). Facebook announced it was withdrawing support for the Android embedded browser on the 5th Oct, and sure enough login attempts from Android started failing then:
Deprecating support for FB Login authentication on Android embedded browsers
But strangely enough in the past week or so it seems to be working again! Has anyone else come across this? Or does anyone have any info about it? While it is good that it is working we want to be sure it is going to keep working!
Thank you,
Guy
------------------------------
Guy Goodrick
------------------------------