I’m running on v10, using the default whitelist in the Google Auth config. The end system is talking to Google, verified with Wireshark and by inputting a wrong password.
The end system’s role never gets updated, even though I have a catchall rule in place that should move it to a different VLAN. I have not done a packet capture on the server’s interface yet. The end system stays as unregistered, so the issue may be authenticating the token between PF and Google. I’ve only tested using Chrome and Firefox browsers, and only if Chrome is used does the redirect show accounts.blogger.com in the address field after entering the Google account credentials. Both browser windows show the “you may need to login to your network” message with a button; the button sends you back to the AUP.

Is there a certain log where I would be able to see PF talking to Google, or just checking Wireshark packets?

Thanks,
Bill

Sent from my iPad

On Apr 22, 2020, at 5:15 PM, Diego Garcia del Rio <garc...@gmail.com> wrote:

Just to be sure, do you have all the proper whitelists as well? It's weird that the user is directed to accounts.blogger.com...

Also, you should be able to see your PF server making a request to Google to validate the returned token.

On which version of PF are you? I've been using Google auth successfully all the way up to 9.2 (I haven't tested anything newer though).

Also, not sure the logic you're using, but you might want to check that the Google source is assigning a role to the device in question.

On Wed, Apr 22, 2020 at 5:51 PM Bill Handler via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Running into an issue with Google oauth2 authentication via Captive Portal…

* Have it configured and set as an External Authentication Source
* Have all the correct settings on Google Developer site

What’s happening is that after entering the username/password in the Google display on the captive portal, the user is not put into the correct VLAN/redirected. Authentication via AD/SMS/E-Mail works without issue.
If using Chrome Browser, user is redirected to accounts.blogger.com with a long string afterwards; within Firefox, the URL shows as the portal URL with “?code=” with a long string – this is the token from Google I believe, based on some of the documentation. The user stays in the registration VLAN and is not moved to the correct role. Not sure where to check to see why the user is not moving.

Any help is appreciated.

Thanks,
Bill

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users