Hi Diego, In the past we only had a button to allow people on our Guest network. I did not like it but people wanted things to be easy for guests to get access to our campus. Another issue is we have students using the Guest network instead of Eduroam, no clue why because we throttle the Guest network quite a bit.
Anyways we wanted to get a Captive Portal running so that we can force people to put some kind of credentials, we really don't care who they are and we will never reach out to them unless they did something wrong on our network. But the added benefit is we can now reject our students university gmail account and hopefully get them to use Eduroam. Just additional weirdness regarding iPhone and Google. iPads don't have this issue. you connect, you press Google, you are redirected to accounts.google.com and no issues with Google blocking. On Wed, Jun 12, 2024 at 1:38 PM Diego Garcia del Rio <garc...@gmail.com> wrote: > Hi Giovanni > > indeed.. if you're using it for guest access then what you describe is > really the only viable option.... or just bypass the authentication at > all. Are you using the google sign in just to collect the email > addresses for guests? you could alternatively use the email login > where the user enters (manually) an email address. > > On android devices the google login is sometimes an issue as the main > account gets selected automatically and might not be the one that the > user wants to use. > > On my sites I stopped using google as an auhentication source (via > oAuth) due to these issues and the hassle created for end users. > > > On Wed, Jun 12, 2024 at 3:24 PM Giovanni Trapasso > <giovanni.trapa...@ualberta.ca> wrote: > > > > Hi Diego, > > > > Thanks for your reply. > > > > We are using this for our Guest SSID, we don't want our internal Google > users to use it. Have not experienced any issues with Android clients. > > > > For anyone else who might be experiencing this blocking issue from > Google we wrote up a workaround for people using iPhone and Google. > > > > 1. Connect to Guest Wi-Fi Network: Go to your device's Wi-Fi settings > and connect to the Guest network. > > 2. Choose Google as Authenticator Provider: When prompted for > authentication, select "Google" as your authenticator provider > > 3. Agree to Terms: Accept the terms and conditions presented on the > screen. > > 4. Bypass Access Block Page: If you encounter an access block page, > simply tap "Cancel" to proceed. > > 5. Opt for Offline Use: Select the option to use the internet > "Without Internet" or "Offline Mode" if prompted. > > 6. Open Safari and Enter URL: Launch Safari web browser and type in > the URL "captive.apple.com" in the address bar. > > 7. Sign in with Google Account: Follow the on-screen prompts to > authenticate using your Google account credentials. > > > > On Wed, Jun 12, 2024 at 12:08 PM Diego Garcia del Rio <garc...@gmail.com> > wrote: > >> > >> the only way to get proper google authentication is using the ldap > >> integration and your own google workspace domain (asuming you want to > >> authenticate users from the ualberta.ca domain). It wont work for > >> generic gmail.com users though > >> > >> to do this, you need to enable Secure LDAP in the google workspace > admin. > >> > >> Android users are also similarly affected, though in some cases, the > >> OS launches the full browser instead of the captive portal limited > >> browser. > >> > >> > >> On Wed, Jun 12, 2024 at 10:25 AM Giovanni Trapasso via > >> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: > >> > > >> > Hi Everyone, > >> > > >> > I just deployed a PacketFence captive portal for my guest wireless > with Google as one of my Authentication Sources. I have started receiving > complaints when apple iphone users are trying to use the google option to > authenticate on my captive portal. They press the Google button, they get > the acceptable use page but right after they press the accept button they > get an error from accounts.google.com. The error is similar to this: > >> > > >> > " > >> > Access Blocked: Google appsheet's<My Portal> request does not comply > with Google's Policies > >> > > >> > <My Portal> request does not comply with Google's 'Use secure > browsers' policy. if this app has a website, you can open a web browser and > try signing in from there. if you are attempting to access a wireless > network, Please follow these instructions. > >> > > >> > You can also contact the developer to let them know that their app > must comply with Google's 'Use secure browser' policy. > >> > > >> > Learn more about the error > >> > > >> > If you are developer of <My Portal>. See error details. > >> > > >> > Error: 403: disallowed_useragent > >> > " > >> > > >> > Of course this is due to a security policy Google is enforcing. My > captive portal is working fine with all types of other devices, even the > Apple iPad, but Apple iPhones are seeing this issue. > >> > > >> > I am curious how many others are experiencing this issue and what > they are doing about this? I have 2 other authentication sources for my > guest users to choose from so it might not be a big deal > >> > -- > >> > > >> > > >> > _______________________________________________ > >> > PacketFence-users mailing list > >> > PacketFence-users@lists.sourceforge.net > >> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > > > -- > > _______________________________________________________________ > > Giovanni Trapasso > > Digital Networks and Data Center Services > > Information Services & Technology (IST) > > 269 General Services Building > > University of Alberta > > Edmonton, Alberta, Canada > > T6G 2E5 > > > > Phone: (780) 492-4696 > > > > To open a Technical Service call with IST go to: > > https://ist.ualberta.ca/ > > > > ** This communication is intended for the use of the recipient to whom > it is addressed, and may contain confidential, personal, and/or privileged > information. Please contact me immediately if you are not the intended > recipient of this communication, and do not copy, distribute, or take > action relying on it. Any communication received in error, or subsequent > reply, should be deleted or destroyed.** > > _______________________________________________________________ > -- _______________________________________________________________ Giovanni Trapasso Digital Networks and Data Center Services Information Services & Technology (IST) 269 General Services Building University of Alberta Edmonton, Alberta, Canada T6G 2E5 Phone: (780) 492-4696 To open a Technical Service call with IST go to: https://ist.ualberta.ca/ <https://otrs.srv.ualberta.ca/otrs/customer.pl> ** This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and/or privileged information. Please contact me immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communication received in error, or subsequent reply, should be deleted or destroyed.** _______________________________________________________________
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
