Enabling/Using Social Login

  • 1
  • Question
  • Updated 4 months ago
  • Answered
We are wanting to test the new Social Login Feature, But not sure how to get it to work?
So far we enabled "Social Login" in our On Premise HM under services, I have created a new SSID, with Open Auth and Ticket "Social Login", saved and deployed the settings.
When we connect to the SSID we just get full access, no captive portal is shown.
I can log into myHive and see the test login CWP we have set up.
Any ideas why its not working?
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes

Posted 4 years ago

  • 1
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
Is there certain DNS setings that need to be set maybe? ATM we are suing Googles DNS.
Also I can see the HiveManager registered in MyHive, under the audit log I see "Portal registered"
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Hi there.

On-premise HM users have to do a couple things to get any of the Mobility Suite components working.  Specifically, you need to associate your HiveManager instance with your MyHive account.

In HiveManager, you can do this by logging in with super admin credentials (typically admin, but depends on your environment).  Browse to Home > Administration > HiveManager Services.  Select Customer ID Retrieval, then input the email address and password for your MyHive account and then click Retrieve.  Then click Update.

Some on-premise HiveManager users don't have a MyHive account yet.  If that is the case for you, then please open a support ticket with your support provider and ask them to do this for you.

MyHive is where you will ultimately configure and customize any of the Mobility Suite services, including Social Login.
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
Hi,
As I stated, I have connected our OnPremise HiveManager to the Online MyHive, In MyHive I can see in the logs saying its connected to our OnPremise HM and is working. Once it is enabled I can turn it on for the SSID. It just doesn't see to be forwarding the Clients to the Social Login page.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Sorry, I guess I didn't read that last sentence your initial post. Is the AP running 6.1r6?
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
All AP's are: HiveOS 6.1r6.1779  With app sigs ver 3.1.6
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
There isn't much data to work with here.  It's working for me.

What is your AP model?
What websites are you browsing to that work instead of redirecting you?
Can you post an AP log after your client bypasses the Social Login page?  From the CLI, type "clear log buff" to clear the log, connect your client and browse, type "show log buff" and capture the data.

Thanks.
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
AP's are 330's. Any website works, google, yahoo etc... Once you connect to the SSID you just get access.
Pastbin: http://pastebin.com/Y0uBXsY9
SSID is FreeWireless, Devices I associated with is 20c9:d082:5297
Sorry, I'm not sure what other info to give, As far as I can tell, you add your ClientID, tick the "Social Login" under services, then enable on the SSID and it all works. So not sure what to do to trouble shoot this.
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
Photo of Hans Matthé

Hans Matthé

  • 42 Posts
  • 2 Reply Likes
I have the same issue, I configured een SSID, did the procedure to connect to the myhive account, enabled the social login procedure but I can browse to any website without the portal comming up.
Photo of OnePlayer783

OnePlayer783

  • 1 Post
  • 0 Reply Likes

You should double check if really all sites are allowed. Try ebay.com, weather.com, aerohive.com or any other site that is NOT related to one of the social pages that you can use to login ;) You should always get just the Social CWP.

For me I can use without to login:

Google
Twitter
Facebook
LinkedIn

But also Youtube or any Google Site and many more related Websites. 

@Aerohive, is that a Bug or a Feature? ;-)

Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
I can browse any site without logging in, ebay, aerohive, webhostingtalk... they all work without ever prompting.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
We have some folks looking at the logs you provided. I will update when I hear back.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
From the logs, it looks like the AP can not contact the Social Login cloud services.  Are there any firewall rules in place that would stop the AP in the management subnet outbound using ICMP or HTTPS?

Engineering has asked that you provide a couple things to help troubleshoot:
1) Have you tried using the Social Login Test tool from within HiveManager?  The tool is located on the same screen where you enabled the service? What is the result?

2) If the test succeeds, can you provide a copy of the running config of your AP?  You can email me the config at (firstinitiallastname) at aerohive dot com. Please provide your MyHive user name with the email.
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
Hi,
We do have a firewall in place, what IP's (or URL's) will it be trying to connect to, and what will be connecting to them? The AP, the client? or the HM? There seems to be a vast lack of documentation around this.

1. The test succeeds

2. I'll see if I can get approval to send through the config,
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Sorry about that.  I am working with the documentation team and engineering to fill the gaps.  I hope to have some more answers for you tomorrow.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
OK, we will work on updating the documentation with the following information, but here are the relevant things to open through the firewall:

APs need outbound access to:
acpp.aerohive.com            TCP 80,443

HiveManager needs outbound access to:
sl.aerohive.com                  TCP 80,443

Client devices need outbound access to:
acpp.aerohive.com             TCP 80,443
sl.aerohive.com                  TCP 80,443

Clients also need access to OAuth provider services on TCP 80,443.  This list of addresses is long and dynamic, and the recommendation is that for the guest networks you support using Social Login, TCP 80 and 443 should be open outbound to the internet.
Photo of Bohdan

Bohdan

  • 10 Posts
  • 2 Reply Likes
Hi,
Had to play around a bit with our firewalls etc... but thanks to the info above we have it 90% working,
The only issue (flaw?) we have at the moment is when you connect for the first time, and open your browser, if google is set as your home page it goes straight to google ( over https ) and it seems a login prompt is not triggered until you hit a standard HTTP page.
Photo of Anjanesh Babu

Anjanesh Babu

  • 68 Posts
  • 7 Reply Likes
Repeating experience and words above "I can browse any site without logging in, ebay, aerohive, webhostingtalk  they all work without ever prompting."

Social login does not seem to work or at least the captive portal is not visible.
Have enabled myhive and tested social login servers on our on-premise hivemanager.  Firewall ports outbound are open as above.

Any suggestions ?
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Care to post a log from the AP when a client connects and gets to the internet?
Photo of Anjanesh Babu

Anjanesh Babu

  • 68 Posts
  • 7 Reply Likes
Apologies for the delay - our local Aerohive support looked at this promptly and we seem to have found this to be working ..most of it anyway.
For testing, I had to allow all client and AP mgt traffic out . No inbound rules were changed.
Observations
- Most pages get through for a few clicks before the captive portal is seen
- Sites like you tube or facebook  get bypassed (since the portal cannot distinguish between OAUTH and client traffic)
- https redirect seems to work on a laptop.
This is sea change from last week when under the exact same configuration the clients seemed either to bypass the portal or  reload endlessly without results.

I can of course post logs if it helps

thanks for the prompt follow up

 
Photo of Sun Wei

Sun Wei

  • 3 Posts
  • 0 Reply Likes
I'm using on-premise HM, when I tick the social login setting and click test, i receive the message "Could not connect to the Social Login service, please try it later."

Please advise.

Thanks.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Is this fixed on your firewall?

HiveManager needs outbound access to:
sl.aerohive.com                  TCP 80,443
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
By the way, the help file has been updated with the firewall rules. Refer to the Enabling Access to Social Login Through a Firewall section.
Photo of Ivan Villagomez

Ivan Villagomez

  • 1 Post
  • 0 Reply Likes
I'm using hive online and getting the same "Could not connect to the Social Login service"

Any ideas?
(Edited)
Photo of Johanna Kais

Johanna Kais

  • 1 Post
  • 0 Reply Likes
Hi, i don't even get the SOCIAL LOGIN option. Do any of you have any idea why?