This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
user_guide:social_login [2019/06/11 17:02] admin [Facebook side] |
user_guide:social_login [2019/06/25 13:53] (current) admin [Facebook side] |
||
---|---|---|---|
Line 41: | Line 41: | ||
====== The user used for the temporary session ====== | ====== The user used for the temporary session ====== | ||
- | * Because we can make use of multiple providers we decided to rather not going the route of providing a large and ever changing list in the Walled garden for each strategy of the captive portal in order for you to reach the authentication provider. | + | * Because we can make use of multiple providers we decided to rather not going the route of providing a large and ever changing list in the Walled Garden for each provider of the captive portal in order for you to reach the authentication provider. |
* We make use of a temporary user account which will log the user into the captive portal and then redirect them to the authentication provider's login page. | * We make use of a temporary user account which will log the user into the captive portal and then redirect them to the authentication provider's login page. | ||
* You can choose per Dynamic Login Page which temporary user to use. | * You can choose per Dynamic Login Page which temporary user to use. | ||
Line 102: | Line 102: | ||
* Facebook will now generate your App with a unique ID which you will later use in RADIUSdesk's config. | * Facebook will now generate your App with a unique ID which you will later use in RADIUSdesk's config. | ||
+ | * The App itself will have settings which you can access. Under the **Basic** settings you will find the **App Id** and **App Secret**. | ||
+ | * Record the application's **App ID** and **App Secret** since we will need it in RADIUSdesk. | ||
- | {{:user_guide:facebook:fb_new_ap4.png?nolink|}} | + | {{:user_guide:facebook:fb_new_ap6.png?nolink|}} |
* You can now go to the **Products** menu in the bottom left. Click on add a **Product**. We need to add **Facebook Login**. This product will allow for **OAuth2** based authentication which is what we need for Social Logins. | * You can now go to the **Products** menu in the bottom left. Click on add a **Product**. We need to add **Facebook Login**. This product will allow for **OAuth2** based authentication which is what we need for Social Logins. | ||
- | {{:user_guide:facebook:fb_new_ap5.png?nolink|}} | + | {{:user_guide:facebook:fb_new_ap7.png?nolink|}} |
- | {{:user_guide:facebook:fb_new_ap6.png?nolink|}} | + | * Ignore the **Quickstart** options and go to the **Settings** menu on the left for the **Facebook Login** |
- | + | ||
- | {{:user_guide:facebook:fb_new_ap7.png?nolink|}} | + | |
{{:user_guide:facebook:fb_new_ap8.png?nolink|}} | {{:user_guide:facebook:fb_new_ap8.png?nolink|}} | ||
+ | |||
+ | * Facebook tighten their security a lot and one now have to explicitly specify the URL's which OAuth will redirect back to. (Our RADIUSdesk server) | ||
+ | * They also force you to use **https** on the server you specify that you will be redirecting back to. | ||
+ | * Our server here is **dev.radiusdesk.com**. Please change this in order to fit your environment. | ||
+ | * The URI in our deployment is https://dev.radiusdesk.com/cake3/rd_cake/third-party-auths/index.json | ||
+ | * This is the value we specify in the **Valid OAuth Redirect URIs** item. The other items we leave as is (Defaults). | ||
{{:user_guide:facebook:fb_new_ap9.png?nolink|}} | {{:user_guide:facebook:fb_new_ap9.png?nolink|}} | ||
- | * Go to the **Settings** of the application and specify the URL of the server where you will serve the login pages from. | + | * After you saved this there is one item outstanding before you can configure the RADIUSdesk side. |
- | * Beware that Facebook require that the redirected URL be precisely the same as the one specified. This means that if your login page on the captive portal looks like http://69.30.244.107/ you also have to mirror that. If on the other hand you use a hostname, be sure that they also match e.g http://rd01.wificity.asia/ | + | * Top left is a switch to take the App out of development and make it live. Make the App live by toggling the switch to the **On** position |
- | + | ||
- | * Record the application's **App ID** and **App Secret** since we will need it in RADIUSdesk. | + | |
- | * Select the **Status and Review** menu item and make sure the application is live and available to the general public. | + | |
<WRAP center round alert 90%> | <WRAP center round alert 90%> | ||
- | Failing to make the application available to the general public will render the Facebook authentication useless. | + | Failing to make the application live will render the Facebook authentication useless. |
</WRAP> | </WRAP> | ||