Security

last person joined: 9 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

do i need to public clearpass when im doing social media login?

Jump to Best Answer
  • 1.  do i need to public clearpass when im doing social media login?

    Posted Jun 02, 2017 05:52 PM

    I was wondering if i need to do this in order to make social media login works

    For example right now im using something like

    clearpass.domain.com  this is pointed to a public ip address which is the clearpass

    I put that url on the website on social media app developer configuration.

    And i also put that url on the url of the controller to point the clearpass..

    It works perfectly that way.   I remenber i tried doing it without doing that with azure an didnt work...  I was wondering if maybe i did misconfig something and is really not needed...

    Even on the example i have seen on arubanetworks airheads on this they seems that they make public the clearpass but with a name.

     

    Cheers

    Carlos

     



  • 2.  RE: do i need to public clearpass when im doing social media login?

    Posted Jun 02, 2017 06:00 PM
    No, your server does not have to be public facing.


  • 3.  RE: do i need to public clearpass when im doing social media login?

    Posted Jun 02, 2017 06:15 PM

    Tim 

    On facebook URL where i put the URL of the clearpass

    What should i put then?

     

    Right now i got something like https://clearpass.domain.com/guest/facebook.php

     

    Can i use  something like

    https://172.16.3.225/guest/facebook.php

     

    Or in what way should i put the url there? so it can work properly

     

    Cheers

    Carlos



  • 4.  RE: do i need to public clearpass when im doing social media login?

    Posted Jun 02, 2017 06:20 PM
    You should not be using IP address for anything. Whichever FQDN your clients access ClearPass, should be configured in the cloud providers.


  • 5.  RE: do i need to public clearpass when im doing social media login?

    Posted Jun 02, 2017 06:38 PM
    So i just put a fqdn of clearpass even if it point to a private ip and its okay?


  • 6.  RE: do i need to public clearpass when im doing social media login?
    Best Answer

    Posted Jun 02, 2017 06:41 PM
    Yes. As long as the client browser can resolve it, you're all set.


  • 7.  RE: do i need to public clearpass when im doing social media login?
    Best Answer

    Posted Jun 05, 2017 09:10 AM

    Hello Tim i just tried this today again.

    It wasnt working before when i tried because the name of the server i had was something like alt_clearpass.domain.local

    When you configure that on facebook app you can put it, it accept it but i see that it tells you that is an invalid domain( i think that i didnt see that before) and it wont work... so i took the underscore out, and now it look it as a valid domain and now it works...

    so changing it to clearpass.domain.local made it work.

     

    So i guess that when i did the first time it didnt work cause of that and i though in that time that you needed a public domain

     

    Thank you Tim!!

     

    Cheers

    Carlos



  • 8.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 12:33 PM

    It looks like Google will not accept a .local domain.

     

    image.png



  • 9.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 02:21 PM

    im just configuring this for a demo, and im stuck in the same thing..

    Google wont accept .local...



  • 10.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 02:24 PM
    Also, Google requires verification..

    I have used DNS trickery with the hosts file to get past the URL check. However, how are you supposed to verify that. Seems you can't setup a google POC.


  • 11.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 02:29 PM
    You ALWAYS need a public CA-signed cert for guest workflows.


  • 12.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 02:45 PM
    I'm not sure I follow. How are you supposed to verify the domain with Google (not gsuite) if the domain is internal? (.local, .dev, etc)

    I setup a host clearpass.home.com in my host file so it would pass the google url check for redirection uri.


  • 13.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 02:47 PM
    You need a publicly registered domain and a public CA-signed cert.


  • 14.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 03:13 PM

    So, no internal domains that are not registered / verifiable. . must be .com/.org (for Google at least)

    So, I acquire a cert for clearpass.mydomain.com  I just use my internal DNS servers to resolve clearpass.mydomain.com to an internal IP. . is that the idea?



  • 15.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 03:15 PM
    Yes.


  • 16.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 07:40 PM

    You're great, Tim. I've made some progress as far as the domain cert thing. Now, i'm getting a different cert problem with it tries to hit accounts.google.com. I'm not sure where to put an additional(??) certificate.

    FYI. I was in all your sessions at ATM18. . great stuff. 
    image.png



  • 17.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 05, 2018 07:52 PM

    I think I found the answer. . I have to buy another Cert for the controllers. . .



  • 18.  RE: do i need to public clearpass when im doing social media login?

    Posted Apr 06, 2018 02:33 PM

    Hello Tim

    I made it work but it seems its letting me authenticate even with my personal gmail account... and i just want that users with the school domain can.

    I bealive i can work on a enforment profile to not let this happen... but is there a way to do it without doing that?

     

    I bealive that in office 365 you dont even need to do that  as you using the active directory  of azure... i mean if you not there then you wont hafve access, but it doesnt seems to be the same thing on google....