Ok - in short...
This tested using CP 6.4.x and IAP 6.4.0.3-4.1.0.2_45704.
- You NEED to use https
* Without https you just get "missing parameter" when clicking the "Login with Facebook" button.
- You need to redirect to a valid FQDN
* This FQDN and the entire loginpage URL has to be connected to your facebook App..
- Walled Garden on Instant doesn't seem to be working like whitelisting on Controller. So you need to add the necessary facebook URL's to your logon role. https to facebook.com and akamaihd.net should cover all bases.
One snag I found just immediately - tt seems like the email fetched from facebook doesn't overwrite an existing username on the Endpoint if another exist. I would assume that it should've overwritten with the latest username I logged in with - bug?