Just add the missing domain in Authorized domains , it work exactly the
same than passthroughs setting.
Le 2014-01-22 11:02, Josh Nathan a écrit :
Thanks Fabrice!
While I feel like I'm much closer, I'm still having trouble. Whenever
I click the "Login with Google Account" button, it does a refresh on
the login page (and changes the "destination_url" to
"https://accounts.google.com/o/oauth2/auth";). Am I missing something?
I went ahead and added "https://accounts.google.com"; to the
Passthroughs setting.
Here's what I'm seeing in packetfence.log:
Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
(default profile)
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 22 16:40:22 redir.cgi(0) INFO: Updating node 60:eb:69:56:53:06
user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:26.0)
Gecko/20100101 Firefox/26.0' (pf::web::web_node_record_user_agent)
Jan 22 16:40:22 redir.cgi(0) INFO: Static User-Agent lookup data
initialized (pf::useragent::_init)
Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
authentication page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 22 16:40:35 pfmon(0) INFO: running expire check (main::cleanup)
Jan 22 16:40:35 pfmon(0) INFO: checking registered nodes for
expiration (main::cleanup)
Jan 22 16:40:35 pfmon(0) INFO: checking violations for expiration
(main::cleanup)
Jan 22 16:40:35 pfmon(0) INFO: checking accounting data for potential
bandwidth abuse (main::cleanup)
Jan 22 16:40:35 pfmon(0) INFO: getting violations triggers for
accounting cleanup (pf::accounting::acct_maintenance)
Jan 22 16:40:35 pfmon(0) INFO: Calling node acct maintenance total
with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Jan 22 16:40:40 oauth2.cgi(0) INFO: Sending 60:eb:69:56:53:06 to
OAuth2 - Provider:google
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
(default profile)
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
authentication page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Thanks,
Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123
On Wed, Jan 22, 2014 at 2:55 PM, Fabrice DURAND <[email protected]
<mailto:[email protected]>> wrote:
Hello Joshua,
it look that google change a little bit the console.
So on https://cloud.google.com/console/ go in APIs & auth ->
credentials and create a new client id.
Then in Oauth2 config in pf:
API ID => Client ID (From google)
API Secret => Client Secret (From google)
API URL => https://accounts.google.com
API Authorize Path => /o/oauth2/auth
API Token Path => /o/oauth2/token
Access Token Parameter => oauth_token
Scope => https://www.googleapis.com/auth/userinfo.email
API URL of logged user =>
https://www.googleapis.com/oauth2/v2/userinfo
Portal URL =>
https://packtfence.black-forest-academy.com/oauth2/google (Should
be the same as Redirect URIs in google)
Authorized domains => *.google.com <http://google.com>,*.google.ca
<http://google.ca>,*.google.fr <http://google.fr>,*.gstatic.com
<http://gstatic.com>,googleapis.com
<http://googleapis.com>,accounts.youtube.com
<http://accounts.youtube.com>
Also Javascript Origins should be
https://packtfence.black-forest-academy.com
For authorized domains you have to take care of the user account
origin, like if you create your account on google.fr
<http://google.fr> then you have to allow *.google.fr
<http://google.fr>, if you create it in UK the google.uk
<http://google.uk> ...
Regards
Fabrice
Le 2014-01-22 06:49, Josh Nathan a écrit :
OK, I'm floundering here. I have a fresh PacketFence 4.1
install, and I'd like to make it so that people can register with
their Google account. Specifically, we have a Google for
education domain, and want our users to be able to use that for
logging into PacketFence.
The problem is that I can't quite figure out how to make it
work. The administrator guide says I need "an API key". What
kind? From the Admin console in Google, I can get an "OAuth
consumer key" and "OAuth consumer secret". When I follow the
link mentioned in the PF admin guide, it takes me somewhere else
where I can create a "project". So I did, but I feel like I'm
just guessing what services to connect to it. Any guidance
there? And none of them seem to be title "userinfo" which is the
scope mentioned in the PF configurations.
When setting up Google as a source, what all fields do I need to
customize/how?
Is the "API" ID my "project" ID followed by the
".apps.googleusercontent.com <http://apps.googleusercontent.com>"?
I'm assuming the API key should be whichever long hash comes
paired with the ID...
How many of the other fields do I need to tweak? Is it ok to use
my external IP address in the Portal URL?
And back to the PF Admin guide, where is this "Redirect URI"
field? I don't see it in the configs for the source, nor do I
readily see it in the Google configurations?
Thank you for any and all help!
Thanks,
Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123 <tel:%2B49%20%280%29%207626-916123>
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> ::+1.514.447.4918
<tel:%2B1.514.447.4918> (x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
