Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Social Authentication Policy in Captive Role

  • 1.  Social Authentication Policy in Captive Role

    Posted May 08, 2019 01:19 PM

    I am trying to set up guest access via Cloudpath social authentication and the captive policy on our controllers is blocking access to the various social authentication API sites (e.g. Google, Facebook & LinkedIn). It would be a shame to need to allow complete access to those three domains in order to get social authentication working. Is there a more streamlined list of URLs to allow social authentication from a captive role?



  • 2.  RE: Social Authentication Policy in Captive Role

    EMPLOYEE


  • 3.  RE: Social Authentication Policy in Captive Role

    Posted May 08, 2019 01:33 PM

    Thank you! Is it recommended practice to create a new policy for each authenticator in our captive role?



  • 4.  RE: Social Authentication Policy in Captive Role

    EMPLOYEE
    Posted May 08, 2019 01:44 PM
    You just add the netdestination to the captive portal profile in the whitelist.


  • 5.  RE: Social Authentication Policy in Captive Role

    Posted May 14, 2019 10:07 AM

    We're not using the captive portal on the controller. Rather, we're redirecting to our Cloudpath installation, so we added the rules as firewall entries for the guest-logon profile, but we're still unable to access Facebook. The netdestination looks correct based on the GitHub information, but when accessing the Facebook authentication page, Firefox throws an error saying it cannot access the site as the certificate is presented for securelogin.arubanetworks.com.



  • 6.  RE: Social Authentication Policy in Captive Role

    Posted May 30, 2019 11:15 AM

    Bumping this thread - we've worked with local engineers and have an open TAC case, and still we're unable to allow access to LinkedIn & Facebook from a captive profile. We created a policy that allows all social authentication sites and set that policy in a high position in the affected roles and still no improvement.



  • 7.  RE: Social Authentication Policy in Captive Role
    Best Answer

    Posted Jun 11, 2019 12:23 PM

    After extensive work with TAC, we determined LinkedIn and Facebook social auth required further domains in the whitelist in order to work properly. Once the below domains were added, things worked as expected.

     

    Facebook.com
    ====================================================
         *.facebook.com
         *.facebook.net
         *.fbcdn.net
         *.fbsbx.com
         *.akamaihd.net
         *.akamaiedge.net
         *.doubleclick.net
         *.google.com
         *.google.com.br (for Brazil deployments)
         *.accountkit.com
         *atdmt.com
         googleads.g.doubleclick.net

    LinkedIn
    =====================================================
         *.licdn.com
         *.linkedin.com
         *.akamaiedge.net
         *.akamaihd.net
         slicdn.com
         *.recaptcha.net
         *.google.com
         *.gstatic.com
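
As an added example (not from the thread and not Aruba's own tooling), the Python sketch below takes the domain lists from the best answer, renders them as `netdestination` stanzas, and flags entries worth a second look before they go into a pre-authentication role: exact hosts, wildcards without a leading dot, entries already covered by another wildcard, and entries both providers share. The alias names `social-facebook` and `social-linkedin` are hypothetical, and the glob-style matching in `covers()` is an assumption; confirm how your controller version matches names before relying on it.

```python
from fnmatch import fnmatchcase

# Entries copied from the best answer above, keyed by provider.
WHITELIST = {
    "facebook": [
        "*.facebook.com", "*.facebook.net", "*.fbcdn.net", "*.fbsbx.com",
        "*.akamaihd.net", "*.akamaiedge.net", "*.doubleclick.net", "*.google.com",
        "*.google.com.br", "*.accountkit.com", "*atdmt.com",
        "googleads.g.doubleclick.net",
    ],
    "linkedin": [
        "*.licdn.com", "*.linkedin.com", "*.akamaiedge.net", "*.akamaihd.net",
        "slicdn.com", "*.recaptcha.net", "*.google.com", "*.gstatic.com",
    ],
}

def classify(entry):
    """Scope of one entry: exact host, '*.' subdomain wildcard, or bare suffix wildcard."""
    if "*" not in entry:
        return "exact"
    return "subdomain-wildcard" if entry.startswith("*.") else "suffix-wildcard"

def covers(entry, host):
    """Assumption: names are matched glob-style and case-insensitively."""
    return fnmatchcase(host.lower(), entry.lower())

def shared(whitelist):
    """Entries every provider needs; candidates for one common netdestination."""
    return sorted(set.intersection(*(set(v) for v in whitelist.values())))

def redundant(entries):
    """Entries already covered by a different wildcard in the same list."""
    return [e for e in entries
            if any(w != e and "*" in w and covers(w, e) for w in entries)]

def netdestination(name, entries):
    """Render one netdestination stanza, dropping duplicates but keeping order."""
    lines = [f"netdestination {name}"]
    lines += [f"  name {e}" for e in dict.fromkeys(entries)]
    return "\n".join(lines + ["!"])

if __name__ == "__main__":
    for provider, entries in WHITELIST.items():
        print(netdestination(f"social-{provider}", entries))  # hypothetical alias names
        odd = [f"{e} ({classify(e)})" for e in entries
               if classify(e) != "subdomain-wildcard"]
        print("# review scope:", odd, "| already covered:", redundant(entries))
    print("# shared by all providers:", shared(WHITELIST))
```

Under the glob assumption a `*.` entry does not cover the bare domain itself, which is worth checking when a login page still fails after the list is applied.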