ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

Facebook login on NAC

  • 1.  Facebook login on NAC

    Posted 06-08-2015 04:30
    I'm trying to implement Facebook login on NAC, system correctly handle requests till "Register via facebook", and than, as it's starts to redirect me to FB application ( all steps described in help file is done) browser(s) says "Your connection is not private"
    Does someone have experience with adding this future?

  • 2.  RE: Facebook login on NAC

    Posted 06-08-2015 18:38
    Hello, This is a security warning because we are forcing the conversation to between FB and NAC to use the captive portal, which you cannot redirect https: traffic, because it is secure, making it difficult to hijack. So http is used, which will pop this warning if a https site is available, but not used for a host of reasons.

    From the help guide (which you followed)
    How Facebook Registration WorksOnce you have configured Facebook registration using the steps above, the registration process will work like this:

    1. The end user attempts to access an external Web site. Their HTTP traffic is redirected to NAC’s captive portal.
    2. In the Guest Registration Portal, the end user selects the option to register using Facebook.
    3. The end user is redirected to the Facebook login. If Acceptable Use Policy option is configured, the captive portal will verify that the AUP has been acknowledged before redirecting the user to Facebook.
    4. Once logged in, the end user is presented with the information that NAC will receive from Facebook.
    5. The end user grants NAC access to the Facebook information and is redirected back to NAC's captive portal where they see a "Registration in Progress" message.
    6. Facebook provides the requested information to NAC, which uses it to populate the user registration fields.
    7. The registration process completes and network access is granted.
    8. The word "Facebook" is added to the user name so that you can easily search for Facebook registration via the Registration Administration web page.

  • 3.  RE: Facebook login on NAC

    Posted 06-19-2015 10:33
    1) in external portal configuration on EWC uri use http fqdn to NAC
    2) in NAC portal profile uncheck "Force captve portal to use HTTPS
    3) Add http://nac_portal/fb_oauth? to Fb application allowed domain's

  • 4.  RE: Facebook login on NAC

    Posted 02-14-2018 21:04
    Hi Guys,

    Resuming this conversation, I'm still in trouble..

    I have a customer willing to enable social media authentication with NAC (ExtremeWireless and NAC His TOP priority is to enable Facebook login.

    I've already configured Google and Microsoft logins and both work like a charm (using L7 rules B@AP topology), but Facebook still a mess.

    The L7 rules allowing Facebook (default and the custom I've created) seems not to work.

    Already tried using the HTTP NAC Portal, but when it jumps to Facebook I got the HSTS problem (when enabling HTTPS redirection) or no access (if I deny HTTPS after allow L7 rules).

    The only way I found is to allow all HTTPS, but this is unacceptable for the customer.

    Already tried to mess with "Allowed Sites" on NAC, but I had no luck.

    I'm running out of ideas (and time)... Anyone have any idea?



  • 5.  RE: Facebook login on NAC

    Posted 06-10-2015 07:02
    Hello and thank you for answer
    but, at stage 3- redirect to fb, im getting url as https://facebook.com/dialog/oauth?

    and Crome "says" "Your connection is not private
    Attackers might be trying to steal your information from facebook.com (for example,

    passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALIDY"

    So, no "Continue" no "Accept risks"...
    What to do in this case?

  • 6.  RE: Facebook login on NAC

    Posted 06-10-2015 11:58
    Hello Vakhtang,
    This is likely a cert error coming from the NAC appliance itself. Since the client has not loaded the NAC's certificate, or you have not loaded the NAC with a trusted certificate, say from an external cert provider such as Verisign for example. See this happens in one of my lab setups.

    My NAC's IP is as see below.
    You can verify what certficates are in play by right clicking on the NAC IP in NAC manager, select Webview -> Select Certificate Diagnostics. See mine below. It's from our company, so Google does not know it's a valid certificate, as we are not also a certificate authority, and your browser has not installed it (this may be impractical for Portal environments.)

    I would proceed as proof of concept.
    If this fails, then I would open up a Ticket with the GTAC so we can pursue offline.

  • 7.  RE: Facebook login on NAC

    Posted 06-15-2015 17:04
    Hi Mike I have the same issue like Vakhtang Mosidze. I can't approve certificate.

  • 8.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20

  • 9.  RE: Facebook login on NAC

    Posted 06-08-2015 18:38
    where can one find this help guide?

  • 10.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20
    Same as me...

  • 11.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20
    I created case on GTAC. I'll notify you about progress.

  • 12.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20
    AFAIK that is a problem with Firefox security settings. Did you try i.e. Google Chrome instead of Firefox? Generally there is an issue with redirecting to https sites an as long as you will not have trust public cert in naps web server that will happened

  • 13.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20
    Same result's with all browsers. Yes, you'r right, problem is with certificate. But, I thinks certificate can be ommited

  • 14.  RE: Facebook login on NAC

    Posted 06-16-2015 08:20
    Do You have certificate uploaded to NAC Appliance?

  • 15.  RE: Facebook login on NAC

    Posted 02-14-2018 21:04
    Forking this conversation to its own thread for better visibility. Please reference the new conversation here: Using Facebook for NAC Login