PacketFence
Bug Tracking System
Main | My View | View Issues | Change Log | Roadmap
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001678PacketFencecaptive portalpublic2013-08-02 09:132014-12-22 20:02
ReporterKimHagen 
Assigned Tofdurand 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001678: Google oauth redirects back to captive portal before you can select yes/no to allow your site.
DescriptionOn the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal.
(or first it will let you do your second-step authentication and then send you back to the captive portal page.)

If you then select the Google oauth again you will get on the page where you can accept your site to have access and if you select yes the network access progress-bar appears and you have access.

So you get 2 times the captive portal before you have access.
For the facebook oauth it is as you expect. (portal, login and then access)
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0003375)
KimHagen (reporter)
2013-08-02 09:15

 This was on an iphone 5 and samsung Galaxy S3
(0003376)
fdurand (administrator)
2013-08-02 09:25

 Hello,
it mean that one of the domain your device try to reach is forwarded to packetfence.
So sniff dns traffic between packetfence and your device and add the missing domains in the list of Authorized domains in your google authentication source.

Regards
Fabrice
(0003380)
KimHagen (reporter)
2013-08-02 11:42
edited on: 2013-08-02 11:46

 Hello,
I did sniff the dns traffic and i see what happens, i do not know if this is suppose to happen.

On iphone i select my wifi profile for packetfence and it opens a captive portal window (which i think always goes to www.apple.com)

I login with the google option, it goes to the google login, then it tries to go to www.apple.com instead of the google "accept this site" site.

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 173.194.66.120
10.0.0.59 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.59 DNS 94 Standard query response A 173.194.66.94

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254

10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 67.205.85.245


From an android device you select the wifi, and then go to an url,
in my case www.tweakers.net and you get the captive portal,
i then use google auth and enter username and password.
Then the portal tries to go to www.tweakers.net before it goes to the google acceptance page.

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 67.205.85.245
10.0.0.67 8.8.8.8 DNS 84 Standard query A www.google-analytics.com
8.8.8.8 10.0.0.67 DNS 304 Standard query response CNAME www-google-analytics.l.google.com A 173.194.34.71 A 173.194.34.70 A 173.194.34.66 A 173.194.34.78 A 173.194.34.72 A 173.194.34.73 A 173.194.34.64 A 173.194.34.69 A 173.194.34.68 A 173.194.34.67 A 173.194.34.65
10.0.0.67 8.8.8.8 DNS 76 Standard query A mtalk.google.com
8.8.8.8 10.0.0.67 DNS 121 Standard query response CNAME mobile-gtalk.l.google.com A 173.194.78.188
10.0.0.67 8.8.8.8 DNS 74 Standard query A www.google.com
8.8.8.8 10.0.0.67 DNS 170 Standard query response A 173.194.66.99 A 173.194.66.104 A 173.194.66.147 A 173.194.66.103 A 173.194.66.105 A 173.194.66.106
10.0.0.67 8.8.8.8 DNS 79 Standard query A clients1.google.com
8.8.8.8 10.0.0.67 DNS 279 Standard query response CNAME clients.l.google.com A 173.194.34.78 A 173.194.34.69 A 173.194.34.68 A 173.194.34.71 A 173.194.34.65 A 173.194.34.64 A 173.194.34.67 A 173.194.34.73 A 173.194.34.66 A 173.194.34.70 A 173.194.34.72
10.0.0.67 8.8.8.8 DNS 84 Standard query A productforums.google.com
8.8.8.8 10.0.0.67 DNS 203 Standard query response CNAME groups.l.google.com A 173.194.66.100 A 173.194.66.113 A 173.194.66.139 A 173.194.66.102 A 173.194.66.138 A 173.194.66.101
10.0.0.67 8.8.8.8 DNS 75 Standard query A csi.gstatic.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 173.194.32.175
10.0.0.67 8.8.8.8 DNS 73 Standard query A www.google.nl
8.8.8.8 10.0.0.67 DNS 89 Standard query response A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94

10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 10.0.3.254 HTTP 686 GET /access?destination_url=http%3A%2F%2Fwww.packetfence.org%2F HTTP/1.1

It looks like it redirects to the requested url before google acceptance page.

Regards,
Kim
(0003390)
KimHagen (reporter)
2013-08-12 06:04

 The problem i had is gone, i think it was because i used inline interface in dns instead of management interface.

Regards,
Kim
(0003616)
delta (reporter)
2014-11-29 08:28

 On the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal
(0003617)
delta (reporter)
2014-11-29 08:28

 can help
(0003628)
fdurand (administrator)
2014-12-22 20:02

 Configuration issue

- Issue History
Date Modified Username Field Change
2013-08-02 09:13 KimHagen New Issue
2013-08-02 09:15 KimHagen Note Added: 0003375
2013-08-02 09:25 fdurand Note Added: 0003376
2013-08-02 11:42 KimHagen Note Added: 0003380
2013-08-02 11:46 KimHagen Note Edited: 0003380
2013-08-07 05:18 KimHagen Note Added: 0003388
2013-08-12 06:02 KimHagen Note Deleted: 0003388
2013-08-12 06:04 KimHagen Note Added: 0003390
2014-11-29 08:28 delta Note Added: 0003616
2014-11-29 08:28 delta Note Added: 0003617
2014-11-29 08:29 delta Tag Attached: captive portal
2014-11-29 08:29 delta Tag Detached: captive portal
2014-12-22 20:02 fdurand Note Added: 0003628
2014-12-22 20:02 fdurand Status new => resolved
2014-12-22 20:02 fdurand Resolution open => fixed
2014-12-22 20:02 fdurand Assigned To => fdurand

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker