supported 3rd party authentication providers for odyssys · 2015. 4. 3. · authentication...

Supported 3rd Party Authentication Providers for Odyssys

2 Global Reach Technology Limited | @GlobalReachLtd | globglobalreachtech.com

1. Introduction ........................................................................................................................................... 3 1.1 Authentication Provider Menu .................................................................................................................. 3 1.2 Gateway Configuration .............................................................................................................................. 4

2. Google+/Google Apps ............................................................................................................................ 4 2.1 Prerequisites ............................................................................................................................................. 4 2.2 Set up a Google Developers project .......................................................................................................... 4 2.3 Enable Google+ API ................................................................................................................................... 5 2.4 Create a new Client ID ............................................................................................................................... 6 2.5 Create the App Consent Screen ................................................................................................................. 7 2.6 Linking Google Developer project to Odyssys Manager ............................................................................ 7 2.7 Triggering Google + / Google Apps Sign-in from HTML Source .................................................................. 8

3. Facebook................................................................................................................................................ 9 3.1 Prerequisites ............................................................................................................................................. 9 3.2 Creating a Facebook App ........................................................................................................................... 9 3.3 Basic App Setup ......................................................................................................................................... 9 3.4 Setting the App live ................................................................................................................................. 11 3.5 Linking Facebook App to Odyssys Manager............................................................................................. 11 3.6 Triggering Facebook Sign-in from HTML Source ...................................................................................... 11

4. Twitter ................................................................................................................................................. 12 4.1 Prerequisites ........................................................................................................................................... 12 4.2 Creating a Twitter App ............................................................................................................................ 12 4.3 Linking Twitter App to Odyssys Manager ................................................................................................ 14 4.4 Triggering Twitter Sign(in from HTML Source .......................................................................................... 14

5. LinkedIn ............................................................................................................................................... 14 5.1 Prerequisites ........................................................................................................................................... 14 5.2 Creating a LinkedIn App .......................................................................................................................... 14 5.3 Linking LinkedIn App to Odyssys Manager .............................................................................................. 16 5.4 Triggering LinkedIn Sign-in from HTML Source ........................................................................................ 17

6. PayPal Express Checkout ..................................................................................................................... 17 6.1 Prerequisites ........................................................................................................................................... 17 6.2 Setting up PayPal Express Checkout ........................................................................................................ 17 6.3 Linking PayPal Account to Odyssys Manager .......................................................................................... 18

7. Facebook Wi-Fi .................................................................................................................................... 19 7.1 Prerequisites .......................................................................................................................................... 19 7.2 Setting up Facebook Wi-Fi in Odyssys.................................................................................................... 19 7.3 Registering your Captive Portal with Facebook ...................................................................................... 20 7.4 Pairing your Captive Portal with Facebook ............................................................................................. 21 7.5 Un-pairing your Captive Portal. .............................................................................................................. 22


1. Introduction

1.1 Authentication Provider Menu

Authentication providers are enabled from the Auth Providers menu. Click Captive Portals, select the portal you're interested in, and then select the Auth Providers tab.

Click 'Add Provider'


Provide a Group Name to distinguish users that sign up for this method will be assigned. The other settings are optional. Click 'Add Provider' and fill out the necessary information. More details are available in the relevant section below.

1.2 Gateway Configuration

Before you can start using a supported 3rd party authentication provider, you must first configure your gateway to allow access to the domains specified under Captive Portals > Your Captive Portal > General Info > Show Walled Garden IPs. The list shows only the IPs/domain names required for enabled authentication providers. Details of how to whitelist IPs/domain names can be found in the configuration guide provided for your chosen gateway type.

2. Google+/Google Apps

2.1 Prerequisites

A Google Account that allows you to access the Google Developers Console. Discuss your needs with your Google Administrator if you do not have the required permissions.

2.2 Set up a Google Developers project

Go to https://console.developers.google.com/ and click 'Create Project'

https://console.developers.google.com/


Enter a descriptive name for your project; change the Project ID if necessary and tick the second checkbox to confirm you agree with Google's Terms of Service.

After a short while, the project should be created.

2.3 Enable Google+ API

In the Google Developers Console, click the project name, click the menu APIS & AUTH on the left-hand side and then APIs.


In the list on the right-hand side, scroll down to the entry “Google+ API” and click the corresponding “OFF” button to turn it to “ON”. In the resulting pop-up, tick the checkbox to confirm you agree to the required Terms of Service.

The Google+ API then moves towards the top of the list.

2.4 Create a new Client ID

In the left-hand menu, under APIS & AUTH, select 'Credentials'. On the resulting page, select 'Create Client ID'.


In the Create Client ID pop-up:

1. Select 'Web Application' for Application Type 2. Enter 'https://manager.odyssys.net' -without quotes) 3. In the box labeled Authorized Javascript Origins, add the following two URLs:

http://manager.odyssys.net, https://manager.odyssys.net 4. In the box labeled Authorized Redirect URI, add the following line:

http://manager.odyssys.net/account/signin/google

2.5 Create the App Consent Screen

Click 'Create Client ID' to generate the required information. Before your App can be used, you must add some information that the end user will see when they decide whether to grant the App the permissions it requires. On the left-hand menu, under APIs & auth, click “Consent screen”.

Required settings are 'Email Address' and 'Product Name'; fill these out as necessary.

2.6 Linking Google Developer project to Odyssys Manager

Copy Client ID and Client Secret to App ID and App Secret, respectively, under Captive Portals > Auth Providers > Google > Edit Provider > Advanced Settings.

http://manager.odyssys.net/

https://manager.odyssys.net/

http://manager.odyssys.net/account/signin/google


On the 'General Settings' tab, you also need to add into the box entitled 'Domain', the primary Google Apps domain on your accounts; for example 'globalreach.eu.com'. You can find this under Admin > Domains for your Google Account, or consult your Google Administrator if you do not have access to this. If Google+ / Google Apps doesn't currently exist in the list of Authentication Providers, you can add it by clicking Add Provider and selecting it in the Authentication Provider Type drop-down. Once created, follow the instructions above.

2.7 Triggering Google + / Google Apps Sign-in from HTML Source

If you are opting to customise fully the HTML source for your captive portal, you need to bind the googleLoginSelected() JavaScript function to an onclick event on an element in the page (usually a button, but it could be a link, etc). For example: <input id="google_login_btn" type="button" class="xbtn" value="Google" onclick="googleLoginSelected();" /> This function is part of the portalscripts.js import that should already be in the <HEAD> section of the page source.


3. Facebook

3.1 Prerequisites

A Facebook account, upgraded to developer status. More information at: https://developers.facebook.com/docs/create-developer-account.

3.2 Creating a Facebook App

Go to https://developers.facebook.com/ Click Apps > Create a New App Click Apps > Create a New App.

Fill in details as appropriate; Display Name and Category are mandatory.

3.3 Basic App Setup

Go into Settings > Basic. Click 'Add Platform'.

https://developers.facebook.com/docs/create-developer-account

https://developers.facebook.com/


Click 'Website'

Copy the URL of your portal splash page, including portal ID (e.g. https://manager.odyssys.net/account/captivePortal/XXXXXX) into the Site URL and Mobile Site URL fields.


Now enter 'manager.odyssys.net' into the App Domains field. Also enter a relevant support email address into the Contact Email field. This is needed before the app can be switched to Public, and will be used in case users need support regarding the app. Click 'Save Changes'.

3.4 Setting the App live

Go to 'Status & Review' and change the setting “Do you want to make this app and all its live features available to the general public?” to “Yes”, then confirm in the pop-up. This prevents you having to add all testers to the Roles tab.

3.5 Linking Facebook App to Odyssys Manager

Copy Application ID and App Secret from App homepage (Dashboard page) to the relevant section under Captive Portals > Auth Providers > Facebook > Edit Provider > Advanced Settings.

If Facebook doesn't currently exist in the list of Authentication Providers, you can add it by clicking Add Provider and selecting Facebook in the Authentication Provider Type drop-down. Once created, follow the instructions above.

3.6 Triggering Facebook Sign-in from HTML Source

If you are opting to customise fully the HTML source for your captive portal, you need to bind the facebookLoginSelected()JavaScript function to an onclick event on an element in the page (usually a button, but it could be a link, etc). For example:


<input id="facebook_login_btn" type="button" class="xbtn" value="Facebook" onclick="facebookLoginSelected();" /> This function is part of the portalscripts.js import that should already be in the <HEAD> section of the page source.

4. Twitter

4.1 Prerequisites

A Twitter account. You can set this up at https://twitter.com/

4.2 Creating a Twitter App

Go to the Twitter Apps page at https://apps.twitter.com/ and log in with your Twitter account if necessary.

Click the 'Create New App' button to the top-right.


Fill out the details as necessary. Website should be the full URL of your portal splash page, and Callback URL should be the full URL of your portal success page; both are available from the General Information tab in the Captive Portal section of the Manager. Accept the Terms & Conditions and click “Create your Twitter Application”. Once the Application has been created, click into the new App, select the “Settings” tab and scroll down under the 'Callback URL” box.

Here, you should find the checkbox “Allow this application to be used to Sign in with Twitter”. Check this and then click “Update settings” at the bottom of the page.


4.3 Linking Twitter App to Odyssys Manager

Copy Application ID and App Secret from App homepage (Dashboard page) to the relevant section under Captive Portals > Auth Providers > Twitter > Edit Provider > Advanced Settings.

4.4 Triggering Twitter Sign(in from HTML Source

If you are opting to customise fully the HTML source for your captive portal, you need to bind the twitterLoginSelected()JavaScript function to an onclick event on an element in the page (usually a button, but it could be a link, etc); for example: <input class="xbtn" id="twitter_login_btn" onclick="twitterLoginSelected();" type="button" value="Twitter" /> This function is part of the portalscripts.js import that should already be in the <HEAD> section of the page source.

5. LinkedIn

5.1 Prerequisites

A LinkedIn account.

5.2 Creating a LinkedIn App

Go to https://www.linkedin.com/secure/developer in your browser, and sign in with your LinkedIn account if necessary.

https://www.linkedin.com/secure/developer


Click “Add New Application”.

Fill out all mandatory fields with the relevant information. Website URL – Your portal splash page can be used here OAuth User Agreement – ensure that at least r_basicprofile and r_emailaddress are selected. Upon submission, you should receive the following page:


Take a note of the API Key and Secret key, as these are needed for the Odyssys Manager integration.

5.3 Linking LinkedIn App to Odyssys Manager

If you do not have a note of your API key and Secret Key from the setup of your application, you can find it by clicking the name of your application and then scrolling down to the OAuth Keys section of the resulting page.


These should be added under Captive Portals > Auth Providers > LinkedIn > Edit Provider > Advanced Settings.

5.4 Triggering LinkedIn Sign-in from HTML Source

If you are opting to customise fully the HTML source for your captive portal, you need to bind the linkedinLoginSelected()JavaScript function to an onclick event on an element in the page (usually a button, but it could be a link, etc) For example: <input class="xbtn" id="linkedin_login_btn" onclick="linkedinLoginSelected();" type="button" value="LinkedIn" /> This function is part of the portalscripts.js import that should already be in the <HEAD> section of the page source.

6. PayPal Express Checkout

6.1 Prerequisites

A PayPal business account.

6.2 Setting up PayPal Express Checkout

Add PayPal Express Checkout as per adding any other Auth Provider; however before you are able to save the Provider, you must add at least one Billing Plan; ensure the Currency drop-down matches your desired currency (usually the local currency of your Portal location).


6.3 Linking PayPal Account to Odyssys Manager

Log into your account at https://www.paypal.com/ and click My Account > Profile > My Selling Preferences.

You should now be able to see a section entitled “Selling Online” On the line entitled API access, click “Update”.

If you are opting to customise fully the HTML source for your captive portal, you need to define specific named nested elements on the splash page, i.e.: <div id="expresscheckout">

https://www.paypal.com/


<table id="paypal_express_checkout"> <tbody> </tbody> </table> <input id="express_checkout_btn" type="submit" value="Submit" onclick="paypalPaidAccessSelected();" /> </div> This basic structure allows the system to insert billing plans automatically as you create them. If you are editing the HTML source after defining billing plans, try adding and then deleting an additional 'dummy' plan into the Auth Provider to trigger a rebuild.

7. Facebook Wi-Fi

7.1 Prerequisites

To use the Facebook Wi-Fi authentication provider, you must have administrative access to a Facebook page categorized under "Companies & Organizations" or "Local Businesses". It must also have a valid location/address. The full requirements can be found under https://www.facebook.com/help/126760650808045. In addition, as some gateways do not allow clients to choose the page they are redirected to after successfully authenticating, you must set your gateway's success page to the URL listed under General Info > Success Page URL if it provides the option to do so. You should also ensure that the "Enable Success Page" option is ticked under Pages > Success Page. Upon requesting the provided Odyssys success page URL, clients will be redirected to your Facebook page.

7.2 Setting up Facebook Wi-Fi in Odyssys

To enable Facebook Wi-Fi as an authentication provider for your captive portal, select "Captive Portals" from the left-hand navigation menu and then choose it from the list. Next, go to Auth Providers > Add Provider and select "Facebook Wi-Fi" from the "Authentication Provider Type" drop-down list.

https://www.facebook.com/help/126760650808045


You will then be prompted to enter a name for the user group (e.g. "My Facebook Wi-Fi users"), which your Facebook Wi-Fi users will be added to. Click "Add Provider " to confirm your changes.

7.3 Registering your Captive Portal with Facebook

To register your captive portal with Facebook, select Auth Providers > Facebook Wi-Fi. Then click "Edit Provider" and select the "Advanced Settings" tab. Click "Register Gateway". The following dialog should appear.


The "Name" that you provide will appear under the Facebook Wi-Fi settings of your Facebook page. You should give each Facebook Wi-Fi-enabled portal a unique name so that it can be easily identified later. It defaults to the name of the captive portal, however this may be changed if necessary. To proceed, click "Submit", and the following dialog should appear.

Before users can log in to your captive portal using their Facebook accounts, the captive portal must first be paired with your Facebook page. This is done via an external Facebook Wi-Fi configuration page, which is accessible via the link provided in the dialog. This step is deferred, however, to the next section. To proceed, click "Done" and then "Save".

7.4 Pairing your Captive Portal with Facebook

Once you have registered your captive portal and received your Gateway ID/Gateway Secret from Facebook, you will then need to choose which Facebook page your users will be redirected to after logging in. You do this by pairing your captive portal with a Facebook page. To pair your Facebook page with your captive portal, click "Edit Provider" under Auth Providers > Facebook Wi-Fi. Then, under the "Advanced Settings" tab, click the "Pair with Facebook" link. This should open up the Facebook Wi-Fi configuration page as shown below. If you have not logged in to Facebook, you will now be prompted to do so. Your Facebook account should have administrative privileges for the page you wish to pair with your captive portal.


To pair your captive portal with a Facebook page, select it from the drop-down list. The "Bypass Mode", "Session Length" and "Terms of Service" options may be set as desired. Once you are satisfied with your changes, click "Save Settings" and return to the Odyssys window/tab. Click the open dialog's "Save" button to confirm. Your captive portal is now paired with your Facebook page and users can log in using their Facebook accounts. To see which Facebook page a given captive portal has been paired with, or to revisit the Facebook Wi-Fi configuration page, select the "Advanced Settings" tab under Auth Providers > Facebook Wi-Fi. The provided link will be set to the name of your Facebook page.

7.5 Un-pairing your Captive Portal.

To see which captive portals have been paired with your Facebook page or to remove any existing associations, log in to the relevant page as an administrator and choose Settings > Facebook Wi-Fi. You should see a list of captive portals, each identified by the name you assigned in 7.3. If you decide to un-pair a captive portal, users will no longer be able to sign in to that portal using the Facebook Wi-Fi service. If you later wish to re-pair it, you can do so by following the steps in 7.4.

Global Reach Technology Ltd Craven House, 121 Kingsway London WC2B 6PA T +44 (0) 207 831 5630 [email protected] Copyright © Global Reach Technology Limited All rights reserved. Global Reach and the Global Reach logo are registered trademarks.

supported 3rd party authentication providers for odyssys · 2015. 4. 3. · authentication...

Documents