FortiWLC – Social Authentication Support

Social Authentication Support

The captive portal authentication process now supports Fortinet Presence as an external CP authentication server, which allows users to authenticate using social media accounts such as Facebook or Gmail OAuth.

Supported APs: AP122, AP822, AP832, OAP832, FAP-U421EV and FAP-U423EV.

Before proceeding, note the following:

  • Enable location service in the controller (see “Configuring FortiPresence API” on page 86 for more details).
  • Assign the AP in the data analytics store.
  • Not supported in “Bridge mode”.

To enable social authentication support, do the following:

  1. Create a captive portal exemptions profile.
  2. Configure the captive portal profile to use Fortinet Presence.
  3. Enable this captive portal profile in security profile and add this security profile in the ESS profile.

Create Captive Portal Exemptions Profile

To enable social login, create a profile with the list of exempted URLs and, in the captive portal profile, select FortiPresence as the external authentication server.

  1. Go to Configuration > Security > Captive Portal > Captive Portal Exemptions.
  2. Click the Add button to create a profile with the list of URLs that will be allowed for social authentication. To add multiple URLs to a profile, enter a space after each URL entry. You can add up to 32 URLs.
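
A pre-flight check for the exemption list described above, as an added example that is not part of the original guide or of Fortinet's tooling: it enforces the space-separated format and the 32-URL limit before the value is pasted into the profile. The function name, the sample host names, and the acceptance of entries without a scheme are assumptions.

```python
from urllib.parse import urlsplit

MAX_ENTRIES = 32  # limit stated in the procedure above


def build_exemption_field(candidates):
    """Return (field_text, problems) for a list of candidate URLs."""
    kept, problems, seen = [], [], set()
    for raw in candidates:
        entry = raw.strip()
        if not entry:
            continue
        # The field is space-delimited, so whitespace inside an entry
        # would be read as a separator between two entries.
        if any(ch.isspace() for ch in entry):
            problems.append((raw, "contains whitespace"))
            continue
        # Assumption: entries may be given with or without a scheme.
        try:
            host = urlsplit(entry if "://" in entry else "//" + entry).hostname
        except ValueError:
            host = None
        if not host:
            problems.append((raw, "no host name"))
            continue
        key = entry.rstrip("/")  # trailing slash ignored when comparing
        if key in seen:
            problems.append((raw, "duplicate"))
            continue
        seen.add(key)
        kept.append(entry)
    # Anything past the limit is reported rather than silently dropped.
    problems += [(e, "over the 32-URL limit") for e in kept[MAX_ENTRIES:]]
    return " ".join(kept[:MAX_ENTRIES]), problems


# Constructed sample input; the host names are placeholders.
SAMPLE = [
    "https://login.example.com/oauth",
    "static.example.net",
    "https://login.example.com/oauth/",
    "https://bad entry.example.org",
]

if __name__ == "__main__":
    field, issues = build_exemption_field(SAMPLE)
    print(field)
    for entry, reason in issues:
        print(f"dropped {entry!r}: {reason}")
```

Keeping the list to the hosts the social login flow actually needs limits what unauthenticated clients can reach before they log in.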

Configure Captive Portal Profile to use Fortinet Presence

  1. Go to the Configuration > Security > Captive Portal > Captive Portal Profiles page.
  2. Create a captive portal profile with local or radius as authentication type.
    • If Authentication type is Local, then create a guest user with the following credentials: username: gooduser, password: good.
    • If Authentication type is RADIUS, then in that RADIUS server, create a user with the following credentials: username: gooduser, password: good.
  3. Make the following changes to External Portal Settings:
  4. Select Fortinet-Presence as the external server (1).
  5. Select the profile (2) created with the exempted URLs.
  6. Enter http://socialwifi.fortipresence.com/wifi.html?login as URL (3) in the external portal URL.

For Fortinet Presence server configuration and account, see the FortiPresence configuration guide: http://docs.fortinet.com/d/fortipresence-analytics-configuration-guide

Enable this captive portal profile in security and ESS profiles

Enable the captive portal profile in the security profile and map the security profile in the ESS Profile. In the security profile, make the following changes to the CAPTIVE PORTAL SETTINGS section:

  1. Set Captive Portal to Webauth.
  2. Select the captive portal created for enabling social wifi login.
  3. Set Captive Portal Authentication Method as External.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
