
Author Topic: Someone had success with Captive Portal and social Oauth (Google/facebook)?  (Read 1885 times)


Offline geovane

  • Rookie
  • **
  • Posts: 8
Hi,

For me it works, but I can't retrieve the username in the captive portal auth logs:

 "%CAPTIVE-PORTAL-6-AUTH_SUCCESS: Captive-portal authentication success for client C4-9A-02-99-EE-5E(10.0.31.105) user ''    "

CTRL-W-01#sh captive-portal sessions
====================================================================================================================
CLIENT                   IPv4     CAPTIVE-PORTAL     WLAN/PORT          VLAN         STATE SESSION TIME LOGIN SOURCE
--------------------------------------------------------------------------------------------------------------------
C4-9A-02-99-EE-5E     10.0.31.105 Social_Net_Oauth   Teste-OAuth        28         Success      0:06:58     facebook
====================================================================================================================
Total number of captive portal sessions displayed: 1


Hardware platform: RFS7000 cluster active/passive
AP-6522
WiNG: 5.8.2.0-030R

The config is based on the Zebra doc "Captive Portals How To: Social Media Onboarding using OAUTH" and
the YouTube video "[WiNG Express] Configuring Captive Portal With Facebook Social Login".

Thanks!

Pertinent config:

! Configuration of RFS7000 version 5.8.2.0-030R
!
radio-qos-policy default
!
aaa-policy RadiusXX
 authentication server 1 host xxxxxxxx secret xxxx xxxxx
 authentication server 1 timeout 6
 authentication server 1 proxy-mode through-controller
 authentication server 2 host xxxxxxxx secret xxxx xxxxx
 authentication server 2 timeout 6
 authentication server 2 proxy-mode through-controller
 authentication eap wireless-client timeout 30
 authentication protocol mschapv2
!
aaa-policy teste_AAA_Captive
 authentication server 1 onboard controller
!
dns-whitelist Oauth-Google-Facebook
 permit graph.facebook.com suffix
 permit s-static.ak.facebook.com suffix
 permit facebook.com suffix
 permit m.facebook.com suffix
 permit static.ak.facebook.com suffix
 permit google.com suffix
 permit ssl.gstatic.com
 permit googleusercontent.com suffix
 permit fbstatic-a.akamaihd.net
 permit connect.facebook.net
 permit facebook.com suffix
 permit fbcdn.net suffix
 permit googleapis.com suffix
!
dns-whitelist liberacao
 permit XXrs.XX.br suffix
 permit google.com suffix
 permit google.com.br suffix
!
captive-portal Social_Net_Oauth
 access-type registration
 access-time 10
 connection-mode https
 inactivity-timeout 60
 server host captive.portal.local
 server mode centralized-controller hosting-vlan-interface 28
 terms-agreement
 oauth
 oauth client-id Google xxxxxxxxxxx Facebook yyyyyyyyyyyyyyyy
 webpage internal login main-logo logo_xxxxx.png
 webpage internal welcome main-logo logo_xxxxx.png
 webpage internal fail main-logo logo_xxxxx.png
 webpage internal agreement main-logo logo_xxxxx.png
 webpage internal acknowledgement main-logo logo_xxxxx.png
 webpage internal registration main-logo logo_xxxxx.png
 webpage internal no-service main-logo logo_xxxxx.png
 accounting syslog host  x.x.x.x
 use aaa-policy teste_AAA_Captive
 use dns-whitelist Oauth-Google-Facebook
 logout-fqdn logout-captive.portal.local
 bypass captive-portal-detection
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field gender type dropdown-menu enable label "Gender" title "Gender"
 webpage internal registration field optout type checkbox enable title "Do not remember and use my details"
 webpage internal registration field member type text enable label "Loyalty/Member Card Number" placeholder "Enter Loyalty/Member Card Number"
 webpage internal registration field dob type date enable label "Date of Birth" placeholder "MM/DD/YYYY"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field country type dropdown-menu enable label "Country" title "Enter State, Country"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
 webpage internal registration field disclaimer type checkbox enable title "Use of this information is subject to our Terms and Conditions. By clicking Register, you agree to the terms of this Disclaimer"
!
wlan Teste-OAuth
 description teste autenticacao social media
 ssid Teste-OAuth
 vlan 28
 bridging-mode local
 encryption-type none
 authentication-type none
 no answer-broadcast-probes
 no client-client-communication
 wpa-wpa2 psk 0 xxxxxxxxx
 client-load-balancing max-probe-req 2.4ghz 48
 client-load-balancing max-probe-req 5ghz 24
 client-load-balancing probe-req-intvl 5ghz 24
 client-load-balancing probe-req-intvl 2.4ghz 24
 client-load-balancing band-discovery-intvl 24
 client-load-balancing capability-ageout-time 24
 use captive-portal Social_Net_Oauth
 captive-portal-enforcement
 registration user group-name Visitantes expiry-time 4320
!
!
radius-group Visitante
 guest
  policy ssid Teste-OAuth
!
radius-user-pool-policy Visitantes
!
radius-server-policy Captive_Portal
 no ldap-group-verification
!
profile rfs7000 XX-default-rfs-7000
 ip name-server x.x.x.x
 ip name-server x.x.x.x
 ip default-gateway x.x.x.x
 no autoinstall configuration
 no autoinstall firmware
 no device-upgrade auto
 device-upgrade count 15
 use radius-server-policy Captive_Portal
 crypto ikev1 policy ikev1-default
  isakXX-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakXX-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface me1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,26,28
 interface ge2
 interface ge3
 interface ge4
 interface pppoe1
 use management-policy XX-Default
 use firewall-policy default
 use auto-provisioning-policy ProvisionamentoPadraoXX
 use captive-portal server Social_Net_Oauth
 ntp server x.x.x.x prefer
 ntp server x.x.x.x
 logging on
 logging host x.x.x.x
 no logging forward
 service pm sys-restart
 router ospf
!
!
profile ap6522 AP6522_3_Redes
 ip name-server x.x.x.x
 ip name-server x.x.x.x
 ip domain-name xxxxxxxxx
 no autoinstall configuration
 no autoinstall firmware
 load-balancing balance-band-loads
 crypto ikev1 policy ikev1-default
  isakXX-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakXX-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan XX bss 1 primary
  wlan XX-Internet bss 2 primary
  wlan XX-Visitante-Antiga bss 3 primary
 interface radio2
  wlan XX bss 1 primary
  wlan XX-Visitante-Antiga bss 2 primary
  wlan XX-Internet bss 3 primary
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,26,28
 interface vlan1
  ip address dhcp
  ip dhcp client request options all
 interface pppoe1
 use management-policy XX-Default
 use firewall-policy default
 ntp server x.x.x.x prefer
 ntp server x.x.x.x
 service pm sys-restart
!
!
rfs7000 B4-C7-99-xy-xy-xy
 use profile XX-default-rfs-7000
 use rf-domain DOMAIN-A
 hostname CTRL-W-01
 no contact
 ip default-gateway x.x.x.x
 device-upgrade auto ap6522
 interface me1
  ip address x.x.x.x/24
 interface vlan1
  description gerencia
  ip address x.x.x.x/24
 interface vlan28
  description captive_portal
  ip address x.x.x.x/24
  no shutdown
  no ipv6 address autoconfig
  no ipv6 accept ra
  no ipv6 redirects
 cluster name ClusterXX
 cluster mode active
 cluster member ip x.x.x.1
 cluster member ip x.x.x.2
 no cluster member vlan
 cluster master-priority 130
 logging on
 logging console warnings
 logging buffered warnings
 logging syslog informational
 events on
 events forward on
 no logging forward
!
!
ap6522 FC-0A-81-xy-xy-xy
 use profile AP6522_3_Redes
 use rf-domain DOMAIN-A
 hostname AP-SEDE-TS-08A
 geo-coordinates x,y
 area xyz
 floor "sdfsadfafafaf" 8
 load-balancing band-ratio 2.4ghz 0
 load-balancing band-ratio 5ghz 1
 no load-balancing balance-ap-loads
 load-balancing band-control-strategy prefer-5ghz
 interface radio1
  data-rates gn
  wlan XX bss 1 primary
  wlan XX-Internet bss 2 primary
  wlan XX-Visitante-Antiga bss 3 primary
 interface radio2
  data-rates an
  wlan XX bss 1 primary
  wlan XX-Internet bss 2 primary
  wlan XX-Visitante-Antiga bss 3 primary
  wlan Teste-OAuth bss 4 primary
 use event-system-policy captive-log
 logging host x.x.x.x
 logging forward debugging
!
!
end





Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: Someone had success with Captive Portal and social Oauth (Google/facebook)?
« Reply #1 on: September 12, 2016, 04:59:37 PM »
So...still no one has anything on Captive portal and Social Oauth?

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Someone had success with Captive Portal and social Oauth (Google/facebook)?
« Reply #2 on: September 13, 2016, 01:55:39 AM »
Hello. I have not used OAuth but in my Captive Portal experience using RADIUS the command "sh captive-portal sessions" never shows the username.

Did you try the GUI or try 'sh wireless client detail'?

Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: Someone had success with Captive Portal and social Oauth (Google/facebook)?
« Reply #3 on: September 13, 2016, 04:16:19 PM »
> Hello. I have not used OAuth but in my Captive Portal experience using RADIUS the command "sh captive-portal sessions" never shows the username.
>
> Did you try the GUI or try 'sh wireless client detail'?

Hi McNulty,

Hmm... I did, but the username is the MAC address number.

Thanks
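
Added example (not part of the original posts or of any Zebra documentation): a parser for the AUTH_SUCCESS event quoted in the first post that flags logins with no usable identity, either an empty user field as in that log line or a username that is only the client MAC as reported in this reply. Only the first sample message comes from the thread; the syslog header, the other two lines and all function names are constructed, and it is an assumption that a real username would appear in this field.

```python
import re

# Message body of the event quoted in the first post; any syslog header
# in front of it is ignored because search() is used.
AUTH_RE = re.compile(
    r"%CAPTIVE-PORTAL-6-AUTH_SUCCESS:.*?for client\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+user\s+'(?P<user>[^']*)'"
)

def norm_mac(value):
    """Return 12 lowercase hex digits for a MAC in -, : or . notation, else None."""
    digits = re.sub(r"[-:.]", "", value.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_auth_success(line):
    """Parse one log line; return None if it is not an AUTH_SUCCESS event."""
    m = AUTH_RE.search(line)
    if m is None:
        return None
    user = m.group("user").strip()
    if not user:
        identity = "missing"            # user '' as in the thread
    elif norm_mac(user) == norm_mac(m.group("mac")):
        identity = "mac-only"           # username is just the client MAC
    else:
        identity = "named"
    return {"mac": m.group("mac").upper(), "ip": m.group("ip"),
            "user": user, "identity": identity}

def unattributed(lines):
    """Return the successful logins that cannot be tied to a person."""
    events = (parse_auth_success(line) for line in lines)
    return [e for e in events if e and e["identity"] != "named"]

# Line 1 is the message from the first post; the header and lines 2-3 are constructed.
SAMPLE = [
    "%CAPTIVE-PORTAL-6-AUTH_SUCCESS: Captive-portal authentication success "
    "for client C4-9A-02-99-EE-5E(10.0.31.105) user ''    ",
    "Sep 13 16:10:02 CTRL-W-01 %CAPTIVE-PORTAL-6-AUTH_SUCCESS: Captive-portal "
    "authentication success for client 00-11-22-33-44-55(10.0.31.106) user '00:11:22:33:44:55'",
    "Sep 13 16:11:40 CTRL-W-01 %CAPTIVE-PORTAL-6-AUTH_SUCCESS: Captive-portal "
    "authentication success for client 00-11-22-33-44-66(10.0.31.107) user 'visitor@example.org'",
]

if __name__ == "__main__":
    for event in unattributed(SAMPLE):
        print(f"{event['ip']} {event['mac']} identity={event['identity']}")
```

Run against the syslog collector's file, the flagged entries are the guest sessions that an abuse or incident investigation could only trace to a device address, not to a social-login account.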

Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: Someone had success with Captive Portal and social Oauth (Google/facebook)?
« Reply #4 on: September 16, 2016, 01:53:09 PM »
The Zebra team says that social authentication and registration aren't fully supported on the RFS7000 platform.  :(

Geovane

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Someone had success with Captive Portal and social Oauth (Google/facebook)?
« Reply #5 on: September 23, 2016, 01:26:55 AM »
Try it on the VX9000.
You can get a free demo licence for 90 days +16 APs.