Does anyone use PacketFence like this (captive portal and firewall 
enforcement)?




________________________________
From: Benoît Dubé <bendube1...@hotmail.com>
Sent: December 6, 2017 11:58
To: packetfence-users@lists.sourceforge.net
Subject: PoC: Social Login from Captive Portal and Firewall (Checkpoint) 
Enforcement


Hi everyone,


I need to do a proof of concept to authenticate external users, in a BYOD use 
case, with their social login and/or their own enterprise accounts if they have 
MS AD and make the enforcement with the Checkpoint Firewall. The most important 
part is with social login.


Here is what I think of:

- Every user's traffic goes to the inline firewall, mainly from a wired connection

- Internal users are identified against their AD based on Checkpoint Identity 
Awareness (AD Query)

- External users are redirected to a captive portal. This is where PacketFence 
comes into play

- External users register to PacketFence, which authenticates them to social 
login services

- If social authentication succeeds, a sponsorship feature sends a message to a 
defined sponsor who accepts or denies the user. The sponsor should be able to set 
the role/group for each user.

- PacketFence should keep user information to manage future access.

- Later, when a registered user is redirected to the Captive Portal 
(PacketFence) for identification, PacketFence should authenticate against 
the social login service and, if it succeeds, send RADIUS accounting data to the 
Checkpoint to give him network access based on the policy defined in the 
Checkpoint. Checkpoint R80 should also receive and parse the group information 
from PacketFence within the RADIUS accounting. This group information is 
related to the role/group defined by the sponsor when users register.


As you can see, there is no 802.1x involved, nor VLAN assignment/enforcement. 
Enforcement is applied by the firewall.


Is it a possible use case for PacketFence? If yes, what are the main steps to 
configure this?


Benoît

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
