social media sign-in settings

HSG allows users to login to captive portal based through user social media accounts, eg. facebook, google+, twitter, weibo, etc. Each of the social media provider will require an unique App ID to map to a unique portal URL (or landing page URL). There're 3 steps required to turn on socialmedia sign-in option on your HSG captive portals.

Step 1: enable your desired social media sign-in option.

You can select one or two



Bypass domains for social media sign-in

Note that in order to authenticate with social media provider, we need to bypass their domains on HSG or HSA or MAP hotspot configurations, so that users can access and sign-in before being authenticated by HSG/HSA/MAP.

Bypass domains for social media sign-in



FACEBOOKakamai.netakamaihd.netfacebook.comfacebook.netfbcdn.net
TWITTERtwitter.comtwimg.com
LINKEDINlinkedin.comstatic.licdn.com
WEIBOweibo.cnweibo.comlogin.sina.com.cn

Configure plash portal URL

Because facebook now only permit portal URL using https, so it's only possible to use portal with .ransnet.com domain for facebook login. The reason for having to use RansNet domain URL is because the HSG already has built-in certificate for .ransnet.com, to support portal with https. 

There're two deployment modes when using facebook sign-in

1. on-premise mode. In this case, we just need do DNS write for splash.ransnet.com to redirect to HSG local IP, in order "spoof" facebook (so it will see requests coming from authorized https URL). When clients launch portal access to splash.ransnet.com, HSG will perform DNS rewrite to point to its local IP. So that, the requests go to HSG local portal server; then HSG will use this URL to authenticate with facebook based on integrated API. This method allows seamless portal deployment without hassle of applying APP ID for each customer/deployment.

-------------------------------------

!interface loopback ip address 2.1.2.1/32!ip host splash.ransnet.com 2.1.2.1 rewrite   <---map portal URL to a local loopback IP!security hotspot vlan22 client-sticky last 3 client-sticky-vlanlist 12,22 bypass-domain listdn akamaihd.netdn facebook.comdn facebook.netdn fbcdn.netdn twitter.comdn twimg.comdn linkedin.comdn static.licdn.comdn weibo.cndn weibo.comdn login.sina.com.cn hotspot-portal https://splash.ransnet.com/pid/randytest/login.php    <---portal url in htttps start

-------------------------------------

2. cloud mode or cloudx mode. For both cases, the MAP (in the case of cloud mode) or the HSA/HSG (in cloudx mode) need to point to a central HSG with a public portal URL. Partner/vendor need to apply a RansNet domain portal URL mapping to its public IP, eg. customer1.ransnet.com, so that the portal URL becomes something like https://customer1.ransnet.com/customer1/portal1/login.php

There're two information customer/partner need to provide to RansNet, so that RansNet engineer can provision DNS setting to map customer portal URL to the correct public IP.

Apply facebook APP ID (please refer here for complete API docs)

Below are the steps to request facebook APP ID.

Getting App ID and Token

(SOURCE: https://smashballoon.com/custom-facebook-feed/access-token/ )

Configuring App Domain URL for customized portal URL

(PRE_REQUISITE: App Id and Token)

landing page.jpg
2017-03-14_1519.png

Make your app publicly available

Go to "App Review", Make <appname> public?, tick on "Yes"

Once you have the APP ID info, configure it in the portal setting.

Apply twitter keys


2017-09-12_1040.png
2017-09-12_1035.png
2017-09-12_1048.png