Security

Dear,

 

I'm having trouble redirecting the social login when I click the facebook button.
Even with public ssl certificate valid in the controller and in the clearpass and already working for the internet, however facebook when doing the redirection does not reoconcept the certificate as valid, even though it is ok as shown in the images.
I need to know if there is anything wrong with clearpass settings or facebook developers.
Is not facebook just opening the certicado account?

The lists below have already been configured.

netdestination cloud-login_facebook
     name * .fbcdn.net
     name * .facebook.com
     name googleads.g.doubleclick.net
     name www.google.com

Looks there is no whitelist for the facebook traffic.
Have you attach the netdestination to a ACL and attach the ACL to the guest-logon rule, before the captive portal rule?
Or just at the listed URL's to the whitelist in the captive portal profile

I just have this setting in netdestination as picture.

 

Is this netdestination linked to a ACL?

No. Is that necessary? I did not see any necessary configuration in the link below because it is the source that I consulted to configure. https://github.com/aruba/clearpass-cloud-service-whitelists/blob/master/cloud-login/cloud-login_facebook.md

Add the netdest to the whitelist in your captive portal profile.

Yes! That is needed.

You can at the netdestination as a whitelist. For example

aaa authentication captive-portal "xyz"
white-list "cloud-login_facebook"

Now I managed to enter in the whitelist profile of the captive portal as informed by you, however it is blocking on facebook.
Now there's nothing missing in the clearpass, right? Need to insert some valid url on facebook?

Can you copy and paste that error message do I can translate it?

Now I can authenticate in the facebook application by putting the facebook password, but I go back to the clearpass (portal) page with this error below.

I'm note sure but I thought that ClearPass needs to acces facebook. So, is clearpass able to access graph.facebook.com?

From clearpass I can not ping to graph.facebook.com because the clearpass server is not connected to the internet, but from the controller I can ping to this facebook link because the controller has an interface released for internet.
Where might the problem be in this case? I could not identify if any configuration is missing.

ClearPass needs to be able to access Facebook.

I do not understand, is not it the controller that makes the request for facebook? Will I have to put the clearpass server to access the internet (facebook) to solve this problem?

ClearPass needs to make calls to Facebook to pull the user info.

OK. tomorrow I will request the inclusion of rule to release the clearpass on the internet and I will post the result here. thank you.

Even inserting the clearpass in the rule of access to the internet we have the following error to access by facebook.

This error when I enter facebook user and password I go back to the captive portal with this message below.

OAuthException "," code "," OAuthException "," code "," OAuthException "," OAuthException "," code " : 1, "fbtrace_id": "E67Id0JISXe"}}

That error is displayed to the Guest??  If it is in the Application Log paste it in it's entirety.  There should have been a descriptive 'message' from them.  That blob is all coming back from their call to graph.

 

To be clear, guests need a whitelist to www.facebook.com (and a few others for images), and ClearPass needs graph.facebook.com.  

Yes this message is that the client receives network guest with captive portal in clearpass.
now the client only returns to the portal after validating the user.
See the error screens.

Your second shot does not show the Social auth source as one it even checked.  Can you rise it in priority?  Do you have a local guest with the same username?

Okay, follow the image.
Users need to authenticate on facebook, because locally it is working ok.

 

NOw I received a new error on the facebook with this image bellow.

 

IN case of google Gsuite I don't receive any page of return on the access tracker, but not show any error but the page of captive portal return for login access.

I still have a problem but a little different.
I am not able to organize the rule to authenticate local login and social login, even using the same service rule.

Below is the service configuration and enforcment.

 

 

Regarding social login I have a question: Is it common for the user to log in with a facebook or google account and not record the user in the Guest Manager Account?

 

 

Hi Anderson, did you manage to solve this issue? I'm with the same problem... included the google issue that is redirect again to the login page after the user log into google account.

------------------------------
Bruno Andrade
------------------------------

Original Message:
Sent: Apr 26, 2019 04:37 PM
From: Anderson Duarte Rodrigues
Subject: Problem to Social Login Facebook

NOw I received a new error on the facebook with this image bellow.

 

IN case of google Gsuite I don't receive any page of return on the access tracker, but not show any error but the page of captive portal return for login access.