0

Im building a large network of AP with captive portal deployments, each AP has its own internet connection, managed by routers I don't have access to.

I can manage the APs through a cloud controller. The cloud controller allows me to allow/restrict subnets.

I am using Facebook and Twitter OAuth in order to grant clients access on the network. however, I can’t allow the entire IP range Facebook has as that would defeat the purpose of a captive protal.

That being said I need some sort of proxy on my network that allows the authentication in order to avoid allowing the Facebook IP ranges on the controller.

Does anyone have any idea how i should proceed? I tried some PHP proxies with hotlinking like GlypeProxy, but no luck.

Andrei Tomescu
  • 11
  • So the users aren't going to be allowed to use Facebook and Twitter even after they log in? – Michael Hampton Jul 16 '15 at 18:41
  • 1
    @MichaelHampton they are allowed after they are logged in. The main thing is that if allow the Facebook and Twitter subnets from the AP cloud controller, if they use their browser to navigate to facebook.com while they are guest they're allowed. I would like to find a way to have something like http://facebook.captive.com that will manage the connection with Facebook. – Andrei Tomescu Jul 16 '15 at 18:47
  • That should not be difficult, but you forgot a lot of important information, such as how you set up the network, the devices you are using, etc. – Michael Hampton Jul 16 '15 at 18:54
  • @MichaelHampton The APs are in different geographical regions, they are not part of the same network, do not have a common router, DNS server, etc. this makes things a little bit harder. They're deployed in bars, shops and the hardware routing packets are just standard consumer-grade routers I don't manage. I'm able to manage is the client flow in the guest portal (what pages he visits). I was thinking that allowing my IP range to be accessible while in captive state and tunnelling the client traffic through something like http://proxy.captive.com/url=facebook.com/auth would work. – Andrei Tomescu Jul 16 '15 at 19:05
  • That's quite clear. You join the proxy, proxy join the entire www, to reach facebook & twitter painlessly. The question is how managing OAuth from proxy to AP, I wonder - as a OAUth non-expert. – ArchiT3K Jul 31 '15 at 08:14

0 Answers0