Extreme Networks

Vakhtang_Mosidz · ‎06-08-2015

Hello
I'm trying to implement Facebook login on NAC, system correctly handle requests till "Register via facebook", and than, as it's starts to redirect me to FB application ( all steps described in help file is done) browser(s) says "Your connection is not private"
Does someone have experience with adding this future?

Jarek_Sobieszek · ‎06-15-2015

Hi Mike I have the same issue like Vakhtang Mosidze. I can't approve certificate.

Mike_Thomas · ‎06-10-2015

Hello Vakhtang,
This is likely a cert error coming from the NAC appliance itself. Since the client has not loaded the NAC's certificate, or you have not loaded the NAC with a trusted certificate, say from an external cert provider such as Verisign for example. See this happens in one of my lab setups.

My NAC's IP is 10.0.0.98 as see below.
You can verify what certficates are in play by right clicking on the NAC IP in NAC manager, select Webview -> Select Certificate Diagnostics. See mine below. It's from our company, so Google does not know it's a valid certificate, as we are not also a certificate authority, and your browser has not installed it (this may be impractical for Portal environments.)

I would proceed as proof of concept.
If this fails, then I would open up a Ticket with the GTAC so we can pursue offline.

Vakhtang_Mosidz · ‎06-10-2015

Hello and thank you for answer
but, at stage 3- redirect to fb, im getting url as https://facebook.com/dialog/oauth?
response_type=code&client_id=102475110085455&redirect_uri=https://nac.zentyal-

domain.lan/fb_oauth.....
and Crome "says" "Your connection is not private
Attackers might be trying to steal your information from facebook.com (for example,

passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALIDY"

So, no "Continue" no "Accept risks"...
What to do in this case?

Mike_Thomas · ‎06-08-2015

Hello, This is a security warning because we are forcing the conversation to between FB and NAC to use the captive portal, which you cannot redirect https: traffic, because it is secure, making it difficult to hijack. So http is used, which will pop this warning if a https site is available, but not used for a host of reasons.

From the help guide (which you followed)
How Facebook Registration WorksOnce you have configured Facebook registration using the steps above, the registration process will work like this:

The end user attempts to access an external Web site. Their HTTP traffic is redirected to NAC’s captive portal.
In the Guest Registration Portal, the end user selects the option to register using Facebook.
The end user is redirected to the Facebook login. If Acceptable Use Policy option is configured, the captive portal will verify that the AUP has been acknowledged before redirecting the user to Facebook.
Once logged in, the end user is presented with the information that NAC will receive from Facebook.
The end user grants NAC access to the Facebook information and is redirected back to NAC's captive portal where they see a "Registration in Progress" message.
Facebook provides the requested information to NAC, which uses it to populate the user registration fields.
The registration process completes and network access is granted.
The word "Facebook" is added to the user name so that you can easily search for Facebook registration via the Registration Administration web page.

fernando2 · ‎06-08-2015

where can one find this help guide?