Security

Reply
Highlighted
Contributor II

Re: WiFi access using Facebook, Google or LinkedIn credentials

Is there a guide somewhere to implement this ?

I am not sure about what I need to do on the Facebook side and I don't know if check the "social login" when creating the page is enough on the ClearPass Guest side.

 

Thanks.

 

EDIT : Found out about Social Media Tips from tarnold. I now have my facebook app created, and the button is on the login page. When I click on it, I can reach the facebook page asking if you want to connect, but when I click OK nothing happens and I'm getting redirected to the captive portal. Any Idea ?

 

- nice2k.

Highlighted

Re: WiFi access using Facebook, Google or LinkedIn credentials

Are you showing up in Access Tracker after you login with facebook? If so make sure your hitting the correct service and your sending back an enforcement profile to the controller that puts you in a post-auth role.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

Re: WiFi access using Facebook, Google or LinkedIn credentials

Hi,

Yup got it working o.k. now. I'm hitting a service I set up for social logins and  have applied an enforcement profile specific to facebook,twitter etc

 

Rgds

Alex

 

View solution in original post

Highlighted
Regular Contributor I

Re: WiFi access using Facebook, Google or LinkedIn credentials

I have social login working for LinkedIn and Facebook just fine. I'm trying to get Google working but keep having issues with the redirect_uri parameter. I get the error message that local URIs not allowed.

 

Does anyone have any tips for using Google's OAuth API and what the correct settings are?

Regards,

Josh
___________
ACMP, ACCP
Highlighted
MVP

Re: WiFi access using Facebook, Google or LinkedIn credentials

Hello Josh

 

In your google project and credentials - did you change the values under Authorized Redirect URI? That have be real FQDN's for your Clearpass. Can't use uri's like http://192.168.10.10 which is a common scenario for lab. As a workaround for lab try this:

 

If you're on a Windows client testing this:

Edit your c:\Windows\System32\drivers\etc\hosts file

Add the local IP of your CP and some valid domain name - like this:

192.168.10.10   myclearpass.yourfakedomain.com

 

For Mac it's \private\etc\hosts

 

Note! The domain just have to be resolvable for you - not for google. Of course - in a production scenario you will need a valid FQDN that your guests resolve when accessing Clearpass.

 

Update your Google project with the complete URI under Credentials -> Authorized Redirect URI ie: http://myclearpass.yourfakedomain.com/your-loginpage-name.php

 

Also make sure that your Controller now also redirects to the new URI for your guest social login testing :)

 

Thats it!


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted
Regular Contributor I

Re: WiFi access using Facebook, Google or LinkedIn credentials

John - thanks for the help. That was the missing piece I think. 

 

Now I get prompted to allow Google access to my data, but the Accept button remains greyed out. I'm wondering do I need to allow more than below in my captive portal whitelist?

 

accounts.google.com

www.googleapis.com

 

Here are the screen caps of my URI redirect and the permission page I'm seeing. 

 

 

2014-12-04 08_48_12-Google Developers Console.png

 

cpg error google.png

 

Thanks again for the help. 

Regards,

Josh
___________
ACMP, ACCP
Highlighted
MVP

Re: WiFi access using Facebook, Google or LinkedIn credentials

Hmm. It seems like you don't have enough access to see all the styling.

 

Try to whitelist these two:

 

  • googleusercontent.com
  • googleapis.com

 


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted
Regular Contributor I

Re: WiFi access using Facebook, Google or LinkedIn credentials

added. Still getting the same results. 

Regards,

Josh
___________
ACMP, ACCP
Highlighted
MVP

Re: WiFi access using Facebook, Google or LinkedIn credentials

Ok..

 

Well - no way around it. Same as we did for facebook and linkedin tehn:

 

google.com

google.co.uk

googleusercontent.com

googleapis.com

gstatic.com

google-analytics.com

 

 


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted
Regular Contributor I

Re: WiFi access using Facebook, Google or LinkedIn credentials

ok that fixed the form and the permission page displays correctly and the Accept button is greyed out for a few seconds and then become "clickable."

 

Once I grant permission I get redirected back to the cppm.demo.com/demo_reg_social_login.php and am not logged in. If I try clicking my Google login it doesn't prompt any more (still logged into my google acct on the browser) but keeps redirecting back to the network login page for guest. 

 

Nothing is showing up in Access Tracker beside the initial MAC auth attempt. 

Regards,

Josh
___________
ACMP, ACCP