Security

Clearpass = 6.6.0 - Cisco WLC = 8.2.141

 

1) When using Facebook Social Login APP, I get a SSL_ERROR_BAD_CERT_DOMAIN from Facebook.com.

Both Clearpass and WLC are using a Wildcard cert *.mydomain.com The facebook app:
App Domains: mydomain.com
Site URL: https://authentication.mydomain.com/guest/register_test.php

 

2) After accepting the SSL-cert warning, I'm correct directed to the Facebook app. On windows-pc and android mobile, the page looks correct. On IOS mobile, the facebook page is not showing any graph content (CSS).

The authentication process itself is working correct.

 

The ACL on the WLC permits

*.facebook.com
*.facebook.net
*.fbcdn.net
*.fbstatic-a.akamaihd.net

When I permit https any any, Iphone devices have no problem...

 

Anyone an idea for 1) and  2) ?

I had a lot of issues with social login as well. For the certificate, I can't really help. Had the problem but once I provided a public cert on CPPM and controller, it was gone. for the other one: have you tried allowing: *.akamaihd.net The best way to troubleshoot is to open the webpage code and look at what's being downloaded. Or have tools that shows which scripts and everything is present. If you can add extensions to Chrome iOS, see if you can add uMatrix (it's normally for blocking trackers and scripts) but you can see at what pages it gets resources for that page. (you'll have to allow everything at first so it can load completely)