PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001678PacketFencecaptive portalpublic2013-08-02 09:132014-12-22 20:02
ReporterKimHagen 
Assigned Tofdurand 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
fixed in git revision
fixed in mtn revision
Summary0001678: Google oauth redirects back to captive portal before you can select yes/no to allow your site.
DescriptionOn the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal.
(or first it will let you do your second-step authentication and then send you back to the captive portal page.)

If you then select the Google oauth again you will get on the page where you can accept your site to have access and if you select yes the network access progress-bar appears and you have access.

So you get 2 times the captive portal before you have access.
For the facebook oauth it is as you expect. (portal, login and then access)
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2013-08-02 09:13KimHagenNew Issue
2013-08-02 09:15KimHagenNote Added: 0003375
2013-08-02 09:25fdurandNote Added: 0003376
2013-08-02 11:42KimHagenNote Added: 0003380
2013-08-02 11:46KimHagenNote Edited: 0003380
2013-08-07 05:18KimHagenNote Added: 0003388
2013-08-12 06:02KimHagenNote Deleted: 0003388
2013-08-12 06:04KimHagenNote Added: 0003390
2014-11-29 08:28deltaNote Added: 0003616
2014-11-29 08:28deltaNote Added: 0003617
2014-11-29 08:29deltaTag Attached: captive portal
2014-11-29 08:29deltaTag Detached: captive portal
2014-12-22 20:02fdurandNote Added: 0003628
2014-12-22 20:02fdurandStatusnew => resolved
2014-12-22 20:02fdurandResolutionopen => fixed
2014-12-22 20:02fdurandAssigned To => fdurand

Notes
(0003375)
KimHagen   
2013-08-02 09:15   
This was on an iphone 5 and samsung Galaxy S3
(0003376)
fdurand   
2013-08-02 09:25   
Hello,
it mean that one of the domain your device try to reach is forwarded to packetfence.
So sniff dns traffic between packetfence and your device and add the missing domains in the list of Authorized domains in your google authentication source.

Regards
Fabrice
(0003380)
KimHagen   
2013-08-02 11:42   
(edited on: 2013-08-02 11:46)
Hello,
I did sniff the dns traffic and i see what happens, i do not know if this is suppose to happen.

On iphone i select my wifi profile for packetfence and it opens a captive portal window (which i think always goes to www.apple.com)

I login with the google option, it goes to the google login, then it tries to go to www.apple.com instead of the google "accept this site" site.

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 173.194.66.120
10.0.0.59 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.59 DNS 94 Standard query response A 173.194.66.94

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254

10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 67.205.85.245


From an android device you select the wifi, and then go to an url,
in my case www.tweakers.net and you get the captive portal,
i then use google auth and enter username and password.
Then the portal tries to go to www.tweakers.net before it goes to the google acceptance page.

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 67.205.85.245
10.0.0.67 8.8.8.8 DNS 84 Standard query A www.google-analytics.com
8.8.8.8 10.0.0.67 DNS 304 Standard query response CNAME www-google-analytics.l.google.com A 173.194.34.71 A 173.194.34.70 A 173.194.34.66 A 173.194.34.78 A 173.194.34.72 A 173.194.34.73 A 173.194.34.64 A 173.194.34.69 A 173.194.34.68 A 173.194.34.67 A 173.194.34.65
10.0.0.67 8.8.8.8 DNS 76 Standard query A mtalk.google.com
8.8.8.8 10.0.0.67 DNS 121 Standard query response CNAME mobile-gtalk.l.google.com A 173.194.78.188
10.0.0.67 8.8.8.8 DNS 74 Standard query A www.google.com
8.8.8.8 10.0.0.67 DNS 170 Standard query response A 173.194.66.99 A 173.194.66.104 A 173.194.66.147 A 173.194.66.103 A 173.194.66.105 A 173.194.66.106
10.0.0.67 8.8.8.8 DNS 79 Standard query A clients1.google.com
8.8.8.8 10.0.0.67 DNS 279 Standard query response CNAME clients.l.google.com A 173.194.34.78 A 173.194.34.69 A 173.194.34.68 A 173.194.34.71 A 173.194.34.65 A 173.194.34.64 A 173.194.34.67 A 173.194.34.73 A 173.194.34.66 A 173.194.34.70 A 173.194.34.72
10.0.0.67 8.8.8.8 DNS 84 Standard query A productforums.google.com
8.8.8.8 10.0.0.67 DNS 203 Standard query response CNAME groups.l.google.com A 173.194.66.100 A 173.194.66.113 A 173.194.66.139 A 173.194.66.102 A 173.194.66.138 A 173.194.66.101
10.0.0.67 8.8.8.8 DNS 75 Standard query A csi.gstatic.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 173.194.32.175
10.0.0.67 8.8.8.8 DNS 73 Standard query A www.google.nl
8.8.8.8 10.0.0.67 DNS 89 Standard query response A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94

10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 10.0.3.254 HTTP 686 GET /access?destination_url=http%3A%2F%2Fwww.packetfence.org%2F HTTP/1.1

It looks like it redirects to the requested url before google acceptance page.

Regards,
Kim
(0003390)
KimHagen   
2013-08-12 06:04   
The problem i had is gone, i think it was because i used inline interface in dns instead of management interface.

Regards,
Kim
(0003616)
delta   
2014-11-29 08:28   
On the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal
(0003617)
delta   
2014-11-29 08:28   
can help
(0003628)
fdurand   
2014-12-22 20:02   
Configuration issue