We have a back end RADIUS service that allows us to either authenticate our users against an AD server or proxy visiting eduroam users off to their home site for authentication.
I've just been asked if it might be possible to allow users to connect to a local SSID and authenticate using either their Facebook, LinkedIn or even Google credentials.
Anyone done this sort of thing? Is there an API that you could use to link into an external auth service for above systems or do you somehow point to a captive portal login/auth page?
I believe there is an open feature requests for this type of functionality in ClearPass Guest.
We are greatly looking forward to that type of functionality for our guests.
We are developing something internally to authenticate with Facebook and Google+ but you would need to speak to an external API to accomplish this.
Here is some information from facebook on this topic to start your off.
This is something that we have been testing and if you would like to test this just send me a private message and I can see if I can get you a beta code.
Just remember that this is a non TAC supported feature so they will not be able to help if you have issues.
Soulds like something I'd like to have a look at. How do I contact you off line?
I'd very interested in getting that information as well. Clearpass is something we now providing and this will definitely help our service offering in conjunction with our own developped solutions.
Is it ok Troy for you to pass this along to me as well?
I sent you a Private message
I would interested in this as well. Thanks in advance.
Could I also get this information? Many thanks. I am especially interested in the Linkedin use cases.
im also interested, can you please send me the email. thank you in advance
Would appreciate a copy of this information as well..
PM me if you'd like...
I would like to kindly ask about that as well :)
Any update regarding this new feature to be able to log in with Facebook or Google+ accounts?
I have read the release notes for 6.3.1 and 6.3.2 but can't find any information about this.
I am evaluating clearpass and have 6.3.3 loaded, but cannot find anything that references external entities as an authentication source like the posts lists.
Has this been implemented or is this still in "development"?
Thanks... much appreciated for the prompt reply. Is there a timeframe when such service will / would be available?
It is currently in Alpha at a few customer locations. I will send out a notifiction when it is going to full production. I have no current commit date as of today.
Ok.. once again much appreciated.. We will move forward with an e-mail validation process for guest access in the interim
is there any details about that?
it's possibile to "force" guest to put "i like" in facebook wisp page before getting access?
Spoiler alert! !!! :)
@andrea.consadori wrote:is there any details about that?it's possibile to "force" guest to put "i like" in facebook wisp page before getting access?Andrea,----------------------------------------------------------------------------------------------------------------------------------------------- I’m confused on your first question. As for your second question. You will be able to have a page with the login with Facebook page, and then you will be able to have VIP access. Their might be a way to force a user to like your page but you would need to do some creative services. It will not be a native function but would be a nice feature request. Below is a screen shot of an example page. A sample scenario: A guest user logins in with the LinkedIn button. The user likes company A on LinkedIn and you will be able to see their like status in a return attribute from LinkedIn and you grant them a better QOS/Bandwidth compared to a user that does not like company A on LinkedIn.
I’m confused on your first question.
As for your second question. You will be able to have a page with the login with Facebook page, and then you will be able to have VIP access. Their might be a way to force a user to like your page but you would need to do some creative services. It will not be a native function but would be a nice feature request.
Below is a screen shot of an example page.
A sample scenario: A guest user logins in with the LinkedIn button. The user likes company A on LinkedIn and you will be able to see their like status in a return attribute from LinkedIn and you grant them a better QOS/Bandwidth compared to a user that does not like company A on LinkedIn.
How close is this to being available to Prime Time?
Thanks for the update... I guess 6.4 is only available to the beta group for now, as I do not see it for download yet.
Can I have the information too? I am trying out facebook integration with Clearpass.
Any solution for now? Anyone can share some info?
6.4 is around the corner and as of today there is an old way of doing it by adding a few files to CPPM. I can send you the files but they are not supported by TAC, there is only basic setup and it is very challenging to setup.
My recomendation is to wait until the full release is availible. Im sure you can understand that we would like to make sure we do a full test and work through any issues before it goes out to production. :)
We are not only giving you a Facebook login, but also Linkedin, Google, twitter to name a few. As of today there is over 20 different social logins you will be able to use.
Thanks bro! You are the best!
That's awesome... it will add additional options to the validated e-mail / sms options already configured.
6.4 was released a few hours ago.
Have fun :)
Awesome! Thanks for the update.
Is there any guide for this feature?
Where can I download the 6.4 version? I am using a IAP 105 for my dental office.Thanks!
I don't have ClearPass, just use a stand alone IAP 105 for the office, would love to be able to use the FaceBook Check-in option for patients to give them wifi access.
You can always try 90 days eval
of course it would be nice to have it, but clearpass for one IAP105 at one dental office might be a little extreme. anyone heard of companies offering clearpass as a saas?
For now, I have installed a Netgear AP with FaceBook wifi, there are few other routers out there, will see how it works.
In the upcoming release 4.1.1 for the IAP, the facebook WiFi feature is also built-in, you don't need any external devices or services.
Thank you Yan Liu!! Would you know when it will be released?
It should be in the next 2-4 weeks.
Yan Liu, do we need IAP 4.1.1 for normal social media login to work also? I'm trying to implement facebook login using IAP with 188.8.131.52-184.108.40.206_45704, but for now no luck.
I get a "required field unavailable" when I click the Facebook login button after redirection.
And Troy - as far as I can tell there is still no arubapedia documentation accessible for partners yet regarding the Social Media Logins implementation using CP 6.4.x. There are however some excellent videoes that explains it all using 6.3.1 and .4, so I'm slowly piecing it together.
Gonna try this using a Controller based demo and see if I might have better luck.
Ok, so the reason I'm getting the errormessage was due to the missing mac adress in the mac field. When I put that in the URL I was able to get facebook login. Still no idea how to automagically get that done tho..
Ok - in short...
This tested using CP 6.4.x and IAP 220.127.116.11-18.104.22.168_45704.
- You NEED to use https
* Without https you just get "missing parameter" when clicking the "Login with Facebook" button.
- You need to redirect to a valid FQDN
* This FQDN and the entire loginpage URL has to be connected to your facebook App..
- Walled Garden on Instant doesn't seem to be working like whitelisting on Controller. So you need to add the necessary facebook URL's to your logon role. https to facebook.com and akamaihd.net should cover all bases.
One snag I found just immediately - tt seems like the email fetched from facebook doesn't overwrite an existing username on the Endpoint if another exist. I would assume that it should've overwritten with the latest username I logged in with - bug?
Is there a guide somewhere to implement this ?
I am not sure about what I need to do on the Facebook side and I don't know if check the "social login" when creating the page is enough on the ClearPass Guest side.
EDIT : Found out about Social Media Tips from tarnold. I now have my facebook app created, and the button is on the login page. When I click on it, I can reach the facebook page asking if you want to connect, but when I click OK nothing happens and I'm getting redirected to the captive portal. Any Idea ?
Are you showing up in Access Tracker after you login with facebook? If so make sure your hitting the correct service and your sending back an enforcement profile to the controller that puts you in a post-auth role.
Yup got it working o.k. now. I'm hitting a service I set up for social logins and have applied an enforcement profile specific to facebook,twitter etc