Hi Giovanni indeed.. if you're using it for guest access then what you describe is really the only viable option.... or just bypass the authentication at all. Are you using the google sign in just to collect the email addresses for guests? you could alternatively use the email login where the user enters (manually) an email address.
On android devices the google login is sometimes an issue as the main account gets selected automatically and might not be the one that the user wants to use. On my sites I stopped using google as an auhentication source (via oAuth) due to these issues and the hassle created for end users. On Wed, Jun 12, 2024 at 3:24 PM Giovanni Trapasso <giovanni.trapa...@ualberta.ca> wrote: > > Hi Diego, > > Thanks for your reply. > > We are using this for our Guest SSID, we don't want our internal Google users > to use it. Have not experienced any issues with Android clients. > > For anyone else who might be experiencing this blocking issue from Google we > wrote up a workaround for people using iPhone and Google. > > 1. Connect to Guest Wi-Fi Network: Go to your device's Wi-Fi settings and > connect to the Guest network. > 2. Choose Google as Authenticator Provider: When prompted for > authentication, select "Google" as your authenticator provider > 3. Agree to Terms: Accept the terms and conditions presented on the screen. > 4. Bypass Access Block Page: If you encounter an access block page, simply > tap "Cancel" to proceed. > 5. Opt for Offline Use: Select the option to use the internet "Without > Internet" or "Offline Mode" if prompted. > 6. Open Safari and Enter URL: Launch Safari web browser and type in the > URL "captive.apple.com" in the address bar. > 7. Sign in with Google Account: Follow the on-screen prompts to > authenticate using your Google account credentials. > > On Wed, Jun 12, 2024 at 12:08 PM Diego Garcia del Rio <garc...@gmail.com> > wrote: >> >> the only way to get proper google authentication is using the ldap >> integration and your own google workspace domain (asuming you want to >> authenticate users from the ualberta.ca domain). It wont work for >> generic gmail.com users though >> >> to do this, you need to enable Secure LDAP in the google workspace admin. >> >> Android users are also similarly affected, though in some cases, the >> OS launches the full browser instead of the captive portal limited >> browser. >> >> >> On Wed, Jun 12, 2024 at 10:25 AM Giovanni Trapasso via >> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: >> > >> > Hi Everyone, >> > >> > I just deployed a PacketFence captive portal for my guest wireless with >> > Google as one of my Authentication Sources. I have started receiving >> > complaints when apple iphone users are trying to use the google option to >> > authenticate on my captive portal. They press the Google button, they get >> > the acceptable use page but right after they press the accept button they >> > get an error from accounts.google.com. The error is similar to this: >> > >> > " >> > Access Blocked: Google appsheet's<My Portal> request does not comply with >> > Google's Policies >> > >> > <My Portal> request does not comply with Google's 'Use secure browsers' >> > policy. if this app has a website, you can open a web browser and try >> > signing in from there. if you are attempting to access a wireless network, >> > Please follow these instructions. >> > >> > You can also contact the developer to let them know that their app must >> > comply with Google's 'Use secure browser' policy. >> > >> > Learn more about the error >> > >> > If you are developer of <My Portal>. See error details. >> > >> > Error: 403: disallowed_useragent >> > " >> > >> > Of course this is due to a security policy Google is enforcing. My >> > captive portal is working fine with all types of other devices, even the >> > Apple iPad, but Apple iPhones are seeing this issue. >> > >> > I am curious how many others are experiencing this issue and what they are >> > doing about this? I have 2 other authentication sources for my guest >> > users to choose from so it might not be a big deal >> > -- >> > >> > >> > _______________________________________________ >> > PacketFence-users mailing list >> > PacketFence-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > -- > _______________________________________________________________ > Giovanni Trapasso > Digital Networks and Data Center Services > Information Services & Technology (IST) > 269 General Services Building > University of Alberta > Edmonton, Alberta, Canada > T6G 2E5 > > Phone: (780) 492-4696 > > To open a Technical Service call with IST go to: > https://ist.ualberta.ca/ > > ** This communication is intended for the use of the recipient to whom it is > addressed, and may contain confidential, personal, and/or privileged > information. Please contact me immediately if you are not the intended > recipient of this communication, and do not copy, distribute, or take action > relying on it. Any communication received in error, or subsequent reply, > should be deleted or destroyed.** > _______________________________________________________________ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
