Developers guide

Chapter 7
Copyright © 2008-2013 Inverse inc.
Optional components
OAuth2 Authentication
The captive portal of PacketFence allows a guest/user to register using a Google, Facebook or GitHub
account.
For each provider, we maintain an allowed domain list to punch holes into the firewall so the user can
reach the provider login page. This list is available in each OAuth2 authentication source.
For OAuth2 to work properly, you need to enable IP forwarding on your servers. To do it
permanently, edit /etc/sysctl.conf and set the following line:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Save the file, then run sysctl -p to apply the change to the running system.
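The sysctl.conf edit above, as an added example that is not part of the PacketFence guide: a stock /etc/sysctl.conf may already carry net.ipv4.ip_forward = 0, so the script rewrites the existing line instead of appending a second one. The function names effective_ip_forward and enable_ip_forward are hypothetical, and the file path is a parameter so the edit can be tried on a copy first.

```shell
#!/bin/sh
# Added example: idempotent edit of net.ipv4.ip_forward in a sysctl-style file.
# Function names are hypothetical; the path defaults to /etc/sysctl.conf.

KEY='net.ipv4.ip_forward'

# Print the value that takes effect: the last uncommented assignment wins.
effective_ip_forward() {
    conf=${1:-/etc/sysctl.conf}
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { print (val == "" ? "unset" : val) }
    ' "$conf"
}

# Set every live assignment of KEY to 1, or append one if the file has none.
# Comment lines and all other settings are copied through unchanged.
enable_ip_forward() {
    conf=${1:-/etc/sysctl.conf}
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { print; next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == key { print key " = 1"; found = 1; next }
        { print }
        END { if (!found) { print "# Controls IP packet forwarding"; print key " = 1" } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run enable_ip_forward as root with no argument to edit /etc/sysctl.conf, then sysctl -p; afterwards cat /proc/sys/net/ipv4/ip_forward should print 1.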
Google
In order to use Google as an OAuth2 provider, you need to get an API key to access their services. Sign
up here: http://code.google.com/apis/console. Make sure you use this URI for the "Redirect URI" field:
https://YOUR_PORTAL_HOSTNAME/oauth2/google. Of course, replace the hostname with the values from
general.hostname and general.domain.
Once you have your client id and API key, you need to configure the OAuth2 provider. This can be done
by adding a Google OAuth2 authentication source from Configuration → Sources.
Moreover, don't forget to add Google as a registration mode from your portal profile definition, available
from Configuration → Portal Profiles and Pages.
Facebook
To use Facebook, you also need an API code and a secret key. To get one, go here:
https://developers.facebook.com/apps. When you create your App, make sure you input the following as the
Website URL: https://YOUR_PORTAL_HOSTNAME/oauth2/facebook
Of course, replace the hostname with the values from general.hostname and general.domain.
Once you have your information, you need to configure the OAuth2 provider. This can be done by adding
a Facebook OAuth2 authentication source from Configuration → Sources.
Moreover, don't forget to add Facebook as a registration mode from your portal profile definition, available
from Configuration → Portal Profiles and Pages.
Caution
By allowing OAuth through Facebook, you give users access to Facebook while
they are still sitting in the registration VLAN.