Fabrice,
It looks like I might have figured out my problem. I needed to correct my
DNS entry. So now it looks like I'm getting to Google. Heh... now the
problem is post login. I'll play with it some more, and I'll post again if
I continue to have trouble. Thanks for all your help!!!
Thanks,
Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123
On Thu, Jan 23, 2014 at 10:53 AM, Josh Nathan <[email protected]>wrote:
> I already had *.google.com in the Authorized domain list. I tried adding
> accounts.google.com as well. I've even gone as far as to add the whole
> URL there (https://accounts.google.com/o/oauth2/auth). Still seeing the
> same issue.
>
> Here's the packetfence.log:
> Jan 23 10:47:51 pfdhcplistener(23361) INFO: DHCPACK CIADDR from 172.22.0.1
> (08:00:27:1c:2c:cb) to host 60:eb:69:56:53:06 (172.22.248.181)
> (main::parse_dhcp_ack)
> Jan 23 10:47:51 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
> (default profile)
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 23 10:47:51 redir.cgi(0) INFO: Updating node 60:eb:69:56:53:06
> user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:26.0)
> Gecko/20100101 Firefox/26.0' (pf::web::web_node_record_user_agent)
> Jan 23 10:47:51 redir.cgi(0) INFO: Static User-Agent lookup data
> initialized (pf::useragent::_init)
> Jan 23 10:47:51 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
> authentication page
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 23 10:48:07 oauth2.cgi(0) INFO: Sending 60:eb:69:56:53:06 to OAuth2 -
> Provider:google
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
> Jan 23 10:48:08 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
> (default profile)
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
> Jan 23 10:48:08 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
> authentication page
> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>
> And here's the portal_access_log:
> 172.22.248.181 - - [23/Jan/2014:10:47:51 +0100] "GET / HTTP/1.1" 302 911
> "-" "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
> 172.22.248.181 - - [23/Jan/2014:10:47:51 +0100] "GET
> /captive-portal?destination_url=http://www.yahoo.com/ HTTP/1.1" 200 7251
> "-" "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
> 172.22.0.1 - - [23/Jan/2014:10:48:03 +0100] "OPTIONS * HTTP/1.0" 200 - "-"
> "Apache (internal dummy connection)"
> 172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
> /oauth2/auth?provider=google HTTP/1.1" 302 493 "
> https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
> "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
> 172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
> /o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%
> 2Fpacketfence4.bfacademy.de%2Foauth2%2Fgoogle&client_id=
> 481719810782-ic80pj87ni1v1v7iohe9f6qovud2jfmq.apps.googleusercontent.com
> &type=web_server&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email
> HTTP/1.1" 302 931 "
> https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
> "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
> 172.22.248.181 - - [23/Jan/2014:10:48:07 +0100] "GET
> /captive-portal?destination_url=https://accounts.google.com/o/oauth2/authHTTP/1.1";
> 200 7271 "
> https://packetfence4.bfacademy.de/captive-portal?destination_url=http://www.yahoo.com/";
> "Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0"
>
>
> Thanks,
> Joshua Nathan
> IT Administrator
> Black Forest Academy
> +49 (0) 7626-916123
>
>
> On Wed, Jan 22, 2014 at 5:14 PM, Fabrice DURAND <[email protected]>wrote:
>
>> Just add the missing domain in Authorized domains , it work exactly the
>> same than passthroughs setting.
>>
>> Le 2014-01-22 11:02, Josh Nathan a écrit :
>>
>> Thanks Fabrice!
>>
>> While I feel like I'm much closer, I'm still having trouble. Whenever I
>> click the "Login with Google Account" button, it does a refresh on the
>> login page (and changes the "destination_url" to "
>> https://accounts.google.com/o/oauth2/auth";). Am I missing something? I
>> went ahead and added "https://accounts.google.com"; to the Passthroughs
>> setting.
>>
>> Here's what I'm seeing in packetfence.log:
>>
>> Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
>> (default profile)
>> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>> Jan 22 16:40:22 redir.cgi(0) INFO: Updating node 60:eb:69:56:53:06
>> user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:26.0)
>> Gecko/20100101 Firefox/26.0' (pf::web::web_node_record_user_agent)
>> Jan 22 16:40:22 redir.cgi(0) INFO: Static User-Agent lookup data
>> initialized (pf::useragent::_init)
>> Jan 22 16:40:22 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
>> authentication page
>> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>> Jan 22 16:40:35 pfmon(0) INFO: running expire check (main::cleanup)
>> Jan 22 16:40:35 pfmon(0) INFO: checking registered nodes for expiration
>> (main::cleanup)
>> Jan 22 16:40:35 pfmon(0) INFO: checking violations for expiration
>> (main::cleanup)
>> Jan 22 16:40:35 pfmon(0) INFO: checking accounting data for potential
>> bandwidth abuse (main::cleanup)
>> Jan 22 16:40:35 pfmon(0) INFO: getting violations triggers for
>> accounting cleanup (pf::accounting::acct_maintenance)
>> Jan 22 16:40:35 pfmon(0) INFO: Calling node acct maintenance total with
>> monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
>> Jan 22 16:40:40 oauth2.cgi(0) INFO: Sending 60:eb:69:56:53:06 to OAuth2
>> - Provider:google
>> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
>> Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 being redirected
>> (default profile)
>> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>> Jan 22 16:40:40 redir.cgi(0) INFO: 60:eb:69:56:53:06 redirected to
>> authentication page
>> (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
>>
>>
>>
>> Thanks,
>> Joshua Nathan
>> IT Administrator
>> Black Forest Academy
>> +49 (0) 7626-916123
>>
>>
>> On Wed, Jan 22, 2014 at 2:55 PM, Fabrice DURAND <[email protected]>wrote:
>>
>>> Hello Joshua,
>>>
>>> it look that google change a little bit the console.
>>> So on https://cloud.google.com/console/ go in APIs & auth ->
>>> credentials and create a new client id.
>>>
>>> Then in Oauth2 config in pf:
>>> API ID => Client ID (From google)
>>> API Secret => Client Secret (From google)
>>> API URL => https://accounts.google.com
>>> API Authorize Path => /o/oauth2/auth
>>> API Token Path => /o/oauth2/token
>>> Access Token Parameter => oauth_token
>>> Scope => https://www.googleapis.com/auth/userinfo.email
>>> API URL of logged user => https://www.googleapis.com/oauth2/v2/userinfo
>>> Portal URL =>
>>> https://packtfence.black-forest-academy.com/oauth2/google(Should be the
>>> same as Redirect URIs in google)
>>> Authorized domains => *.google.com,*.google.ca,*.google.fr,*.gstatic.com
>>> ,googleapis.com,accounts.youtube.com
>>>
>>> Also Javascript Origins should be
>>> https://packtfence.black-forest-academy.com
>>>
>>>
>>> For authorized domains you have to take care of the user account origin,
>>> like if you create your account on google.fr then you have to allow *.
>>> google.fr, if you create it in UK the google.uk ...
>>>
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le 2014-01-22 06:49, Josh Nathan a écrit :
>>>
>>> OK, I'm floundering here. I have a fresh PacketFence 4.1 install,
>>> and I'd like to make it so that people can register with their Google
>>> account. Specifically, we have a Google for education domain, and want our
>>> users to be able to use that for logging into PacketFence.
>>>
>>> The problem is that I can't quite figure out how to make it work. The
>>> administrator guide says I need "an API key". What kind? From the Admin
>>> console in Google, I can get an "OAuth consumer key" and "OAuth consumer
>>> secret". When I follow the link mentioned in the PF admin guide, it takes
>>> me somewhere else where I can create a "project". So I did, but I feel
>>> like I'm just guessing what services to connect to it. Any guidance
>>> there? And none of them seem to be title "userinfo" which is the scope
>>> mentioned in the PF configurations.
>>>
>>> When setting up Google as a source, what all fields do I need to
>>> customize/how?
>>>
>>> Is the "API" ID my "project" ID followed by the ".
>>> apps.googleusercontent.com"?
>>>
>>> I'm assuming the API key should be whichever long hash comes paired with
>>> the ID...
>>>
>>> How many of the other fields do I need to tweak? Is it ok to use my
>>> external IP address in the Portal URL?
>>>
>>> And back to the PF Admin guide, where is this "Redirect URI" field? I
>>> don't see it in the configs for the source, nor do I readily see it in the
>>> Google configurations?
>>>
>>> Thank you for any and all help!
>>>
>>>
>>> Thanks,
>>> Joshua Nathan
>>> IT Administrator
>>> Black Forest Academy
>>> +49 (0) 7626-916123 <%2B49%20%280%29%207626-916123>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>>> Critical Workloads, Development Environments & Everything In Between.
>>> Get a Quote or Start a Free Trial Today.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> --
>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>> www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>>> Critical Workloads, Development Environments & Everything In Between.
>>> Get a Quote or Start a Free Trial Today.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In Between.
>> Get a Quote or Start a Free Trial Today.
>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In Between.
>> Get a Quote or Start a Free Trial Today.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
