I already had *.google.com in the Authorized domain list. I tried adding
accounts.google.com as well. I've even gone as far as to add the whole URL
there (https://accounts.google.com/o/oauth2/auth). Still seeing the same
issue.
Here's the packetfence.log:
Jan 23 10:47:51 pfdhcplistener(23361) INFO: DHCPACK CIADDR from 172.22.0.1
(08:00:27:1c:2c:cb) to host 60:eb:69:56:53:06 (172.22.248.181)
(main::parse_dhcp_ack)
Jan 23 10:47:51 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
(default profile)
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 23 10:47:51 redir.cgi(0) INFO: Updating node 60:eb:69:56:53:06
user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:26.0)
Gecko/20100101 Firefox/26.0' (pf::web::web_node_record_user_agent)
Jan 23 10:47:51 redir.cgi(0) INFO: Static User-Agent lookup data
initialized (pf::useragent::_init)
Jan 23 10:47:51 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
authentication page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 23 10:48:07 oauth2.cgi(0) INFO: Sending 60:eb:69:56:53:06 to OAuth2 -
Provider:google
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
Jan 23 10:48:08 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
(default profile)
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 23 10:48:08 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
authentication page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
And here's the portal_access_log:
172.22.248.181 - - [23/Jan/2014:10:47:51 +0100] "GET / HTTP/1.1" 302 911
"-" "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
172.22.248.181 - - [23/Jan/2014:10:47:51 +0100] "GET
/captive-portal?destination_url=http://www.yahoo.com/ HTTP/1.1" 200 7251
"-" "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
172.22.0.1 - - [23/Jan/2014:10:48:03 +0100] "OPTIONS * HTTP/1.0" 200 - "-"
"Apache (internal dummy connection)"
172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
/oauth2/auth?provider=google HTTP/1.1" 302 493 "
https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
"Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%
2Fpacketfence4.bfacademy.de%2Foauth2%2Fgoogle&client_id=
481719810782-ic80pj87ni1v1v7iohe9f6qovud2jfmq.apps.googleusercontent.com
&type=web_server&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email
HTTP/1.1" 302 931 "
https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
"Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
/captive-portal?destination_url=https://accounts.google.com/o/oauth2/authHTTP/1.1";
200 7271 "
https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
"Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
Thanks,
Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123
On Wed, Jan 22, 2014 at 5:14 PM, Fabrice DURAND <[email protected]> wrote:
> Just add the missing domain in Authorized domains , it work exactly the
> same than passthroughs setting.
>
> Le 2014-01-22 11:02, Josh Nathan a écrit :
>
> Thanks Fabrice!
>
> While I feel like I'm much closer, I'm still having trouble. Whenever I
> click the "Login with Google Account" button, it does a refresh on the
> login page (and changes the "destination_url" to "
> https://accounts.google.com/o/oauth2/auth";). Am I missing something? I
> went ahead and added "https://accounts.google.com"; to the Passthroughs
> setting.
>
> Here's what I'm seeing in packetfence.log:
>
> Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
> (default profile)
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 22 16:40:22 redir.cgi(0) INFO: Updating node 60:eb:69:56:53:06
> user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:26.0)
> Gecko/20100101 Firefox/26.0' (pf::web::web_node_record_user_agent)
> Jan 22 16:40:22 redir.cgi(0) INFO: Static User-Agent lookup data
> initialized (pf::useragent::_init)
> Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
> authentication page
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 22 16:40:35 pfmon(0) INFO: running expire check (main::cleanup)
> Jan 22 16:40:35 pfmon(0) INFO: checking registered nodes for expiration
> (main::cleanup)
> Jan 22 16:40:35 pfmon(0) INFO: checking violations for expiration
> (main::cleanup)
> Jan 22 16:40:35 pfmon(0) INFO: checking accounting data for potential
> bandwidth abuse (main::cleanup)
> Jan 22 16:40:35 pfmon(0) INFO: getting violations triggers for
> accounting cleanup (pf::accounting::acct_maintenance)
> Jan 22 16:40:35 pfmon(0) INFO: Calling node acct maintenance total with
> monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
> Jan 22 16:40:40 oauth2.cgi(0) INFO: Sending 60:eb:69:56:53:06 to OAuth2
> - Provider:google
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
> Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
> (default profile)
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
> authentication page
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>
>
>
> Thanks,
> Joshua Nathan
> IT Administrator
> Black Forest Academy
> +49 (0) 7626-916123
>
>
> On Wed, Jan 22, 2014 at 2:55 PM, Fabrice DURAND <[email protected]>wrote:
>
>> Hello Joshua,
>>
>> it look that google change a little bit the console.
>> So on https://cloud.google.com/console/ go in APIs & auth -> credentials
>> and create a new client id.
>>
>> Then in Oauth2 config in pf:
>> API ID => Client ID (From google)
>> API Secret => Client Secret (From google)
>> API URL => https://accounts.google.com
>> API Authorize Path => /o/oauth2/auth
>> API Token Path => /o/oauth2/token
>> Access Token Parameter => oauth_token
>> Scope => https://www.googleapis.com/auth/userinfo.email
>> API URL of logged user => https://www.googleapis.com/oauth2/v2/userinfo
>> Portal URL =>
>> https://packtfence.black-forest-academy.com/oauth2/google(Should be the same
>> as Redirect URIs in google)
>> Authorized domains => *.google.com,*.google.ca,*.google.fr,*.gstatic.com,
>> googleapis.com,accounts.youtube.com
>>
>> Also Javascript Origins should be
>> https://packtfence.black-forest-academy.com
>>
>>
>> For authorized domains you have to take care of the user account origin,
>> like if you create your account on google.fr then you have to allow *.
>> google.fr, if you create it in UK the google.uk ...
>>
>>
>> Regards
>> Fabrice
>>
>>
>> Le 2014-01-22 06:49, Josh Nathan a écrit :
>>
>> OK, I'm floundering here. I have a fresh PacketFence 4.1 install,
>> and I'd like to make it so that people can register with their Google
>> account. Specifically, we have a Google for education domain, and want our
>> users to be able to use that for logging into PacketFence.
>>
>> The problem is that I can't quite figure out how to make it work. The
>> administrator guide says I need "an API key". What kind? From the Admin
>> console in Google, I can get an "OAuth consumer key" and "OAuth consumer
>> secret". When I follow the link mentioned in the PF admin guide, it takes
>> me somewhere else where I can create a "project". So I did, but I feel
>> like I'm just guessing what services to connect to it. Any guidance
>> there? And none of them seem to be title "userinfo" which is the scope
>> mentioned in the PF configurations.
>>
>> When setting up Google as a source, what all fields do I need to
>> customize/how?
>>
>> Is the "API" ID my "project" ID followed by the ".
>> apps.googleusercontent.com"?
>>
>> I'm assuming the API key should be whichever long hash comes paired with
>> the ID...
>>
>> How many of the other fields do I need to tweak? Is it ok to use my
>> external IP address in the Portal URL?
>>
>> And back to the PF Admin guide, where is this "Redirect URI" field? I
>> don't see it in the configs for the source, nor do I readily see it in the
>> Google configurations?
>>
>> Thank you for any and all help!
>>
>>
>> Thanks,
>> Joshua Nathan
>> IT Administrator
>> Black Forest Academy
>> +49 (0) 7626-916123 <%2B49%20%280%29%207626-916123>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In Between.
>> Get a Quote or Start a Free Trial Today.
>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In Between.
>> Get a Quote or Start a Free Trial Today.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
