FortiWLC – Social Authentication Support

Social Authentication Support

The captive portal authentication process now supports Fortinet Presence as an external CP authentication server that allows users to authentication using social media accounts like Facebook or Gmail OAuth.

Supported APs: AP122, AP822, AP832, OAP832, FAP-U421EV and FAP-U423EV.

Before proceeding, note the following:

• Enable location service in the controller(See “Configuring FortiPresence API” on page 86. for more details).
• Assign the AP in the data analytics store.
• Not supported in “Bridge mode”.

To enable social authentication support, do the following:

1. Create captive portal exemptions profile
2. Configure captive portal profile to use Fortinet Presence
3. Enable this captive portal profile in security profile and add this security profile in the ESS profile.

Social Authentication Support

Create Captive Portal Exemptions Profile

To enable social login, create a profile with the list of exempted URLs and in the captive portal profile and select FortiPresence as the external authentication server.

1. Go to Configuration > Security > Captive Portal > Captive Portal Exemptions.
2. Click the Add button to create a profile with the list of URLs that will be allowed for social authentications. To add multiple URLs to a profile, enter a space after each URL entry. You can add up to 32 URLs

Social Authentication Support

Configure Captive Portal Profile to use Fortinet Presence

1. Go to Configuration > Security > Captive Portal > Captive Portal Profiles page
2. Create a captive portal profile with local or radius as authentication type.
   • If Authentication type is Local, then create a guest user with the following credentials: username: gooduser
   • password:good. If Authentication type is RADIUS, then in that RADIUS server, create a user with the following credentials: • username: gooduser
   • password:good.
3. Make the following changes to External Portal Settings:
4. Select Fortinet-Presence as the external server (1).
5. Select the profile (2) created with the exempted URLs.
6. Enter http://socialwifi.fortipresence.com/wifi.html?login as URL (3) in the external portal

URL.

Social Authentication Support

For Fortinet Presence server configuration and account, see the FortiPresence configuration guide: http://docs.fortinet.com/d/fortipresence-analytics-configuration-guide

Enable this captive portal profile in security and ESS profiles

Enable the captive portal profile in the security profile and map the security profile in the ESS Profile.  In the security profile, make the following changes to the CAPTIVE PORTAL SETTINGS section:

1. Set Captive Portal to Webauth.
2. Select the captive portal created for enabling social wifi login.
3. Set Captive Portal Authentication Method as External.