This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Using Facebook for NAC Login

Using Facebook for NAC Login

LeoP1
Contributor

‎02-14-2018 09:04 PM

Hi Guys,

Resuming this conversation, I'm still in trouble..

I have a customer willing to enable social media authentication with NAC (ExtremeWireless 10.41.02.0014 and NAC 8.1.1.4). His TOP priority is to enable Facebook login.

I've already configured Google and Microsoft logins and both work like a charm (using L7 rules B@AP topology), but Facebook still a mess.

The L7 rules allowing Facebook (default and the custom I've created) seems not to work.

Already tried using the HTTP NAC Portal, but when it jumps to Facebook I got the HSTS problem (when enabling HTTPS redirection) or no access (if I deny HTTPS after allow L7 rules).

The only way I found is to allow all HTTPS, but this is unacceptable for the customer.

Already tried to mess with "Allowed Sites" on NAC, but I had no luck.

I'm running out of ideas (and time)... Anyone have any idea?

Thanks!

-Leo Note: This conversation was created from a reply on: Facebook login on NAC.
0 Kudos
10 REPLIES 10

LeoP1
Contributor

‎02-16-2018 07:30 PM

Hi Ronald,

I completely agree with you... It's an IdentiFi issue and not EMC/NAC problem.

I'm testing with a B@AP tagged topology (upgraded to the latest version today just to make sure) and 3805i and 3825i APs.

Best regards,

-Leo
0 Kudos

Gareth_Mitchell
Extreme Employee
In response to LeoP1

‎02-16-2018 07:30 PM

Hi Leonardo

I think it would be best if you open a case with GTAC, could you please take a packet capture on the client so we can take a look at the HTTP traffic?

-Gareth
0 Kudos

LeoP1
Contributor
In response to LeoP1

‎02-16-2018 07:30 PM

Sure!

Follows some screenshots. The Auth role works fine.

Please, forgive some additional L7 hostname rules I added just to try to make it work (after some sniffing), but without success.

Best regards,
-Leo

57f808849fd64f988a46f6cb070815cb_RackMultipart20180216-54806-d497of-UnAuth-1_inline.png


57f808849fd64f988a46f6cb070815cb_RackMultipart20180216-32766-1k0de4f-UnAuth-2_inline.png


57f808849fd64f988a46f6cb070815cb_RackMultipart20180216-54806-1922ln1-UnAuth-3_inline.png



57f808849fd64f988a46f6cb070815cb_RackMultipart20180216-9411-1s03f3y-Auth-1_inline.png


57f808849fd64f988a46f6cb070815cb_RackMultipart20180216-59389-vbcguz-Auth-2_inline.png

0 Kudos

Ronald_Dvorak
Honored Contributor
In response to LeoP1

‎02-16-2018 07:30 PM

Could you post a screenshot of the unauth and auth role rules.
0 Kudos
Top
GTM-P2G8KFN