How to Implement Google Registration


This Help topic describes the steps for implementing guest registration using Google as a way to obtain end user information.

In this scenario, the Guest Registration portal provides the option to register as a guest or log into Google in order to complete the registration process. If the end user selects the Google option, ExtremeCloud IQ Site Engine uses OAuth to securely access the end user's Google account, obtain public end user data, and use that data to complete the registration process.

  NOTE: Guest OAuth (for example, Google, Yahoo) may not support native mobile browsers and may display a “user agent” error. To access the network, use a standard browser application (e.g. Google Chrome).

Guest Registration using Google has two main advantages:

  • It provides ExtremeCloud IQ Site Engine with a higher level of user information by obtaining information from the end user's Google account instead of relying on information entered by the end user.
  • It provides an easier registration process for the end user. ExtremeCloud IQ Site Engine retrieves the public information from the end user's Google account and uses that information to populate the name and email registration fields.


Requirements

These are the configuration requirements for Google Registration.

  • The ExtremeControl engine must have Internet access in order to retrieve user information from Google.
  • The ExtremeControl Unregistered access policy must allow access to the Google site (either allow all SSL or make allowances for Google servers).
  • The ExtremeControl Unregistered access policy must allow access to HTTPS traffic to the Google OAuth servers.
  • A unique Google application must be created on the Google Developers page (see instructions below).
  • The Portal Configuration must have Google Registration enabled and include the Google Application ID and Secret (see instructions below).

Creating a Google Application

When implementing guest registration using Google, you must first create a Google application. This generates an Application ID and Application Secret that are required as part of the ExtremeCloud IQ Site Engine OAuth process. Use the following steps to create a Google application.

  1. Access the Google Developers page at https://console.developers.google.com/projectselector/apis/library.
  2. Log into your existing Developers account or create a new Developers account.
  3. Select the Create a project button.


    The New Project window opens.
  4. Enter a Project name and select Create.
  5. Select the Credentials link in the left-panel.



    The Credentials panel opens.
  6. Select the Create credentials button to open the drop-down list and select OAuth client ID.



    The Create client ID panel displays.
  7. Select Configure consent screen to open the OAuth consent screen panel.

  8. Select your email address, enter your product name, and enter the URL to any of the applicable resources for your company, then select Save.

    The Create client ID panel opens.

  9. Select Web application.

    The panel expands to display additional fields.

  10. Enter a name for the application in the Name field. Use a name that clearly indicates what its purpose is, for example, Extreme Networks Guest Registration.
  11. Enter an Authorized redirect URI in the following format: https://<AccessControlengineFQDN>/google_oauth. Google uses the Authorized redirect URI to redirect the user back to the engine with an Access Token.
     NOTES: Google OAuth APIs require that your engine's FQDN resolve to a top-level domain (.com, .net, .edu, .org, .mil, .gov, or .int). You cannot use a domain not classified as top level (e.g. MyGateway.MyCompany.Local) or the engine's IP address, which can require you to reclassify your domain and hosts.

    Use only lowercase when entering the host and domain suffix (e.g. .com).
  12. Enter the Authorized redirect URI for any additional ExtremeControl engines registering end-users via Google.
  13. Select Create.

    The OAuth client window opens, displaying your client ID and secret.




    Your application is created and ready to use.

    You need to add the client ID and client secret to your portal configuration.
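
The redirect URI rules in steps 11 and 12 (HTTPS, the /google_oauth path, an FQDN under one of the listed top-level domains, lowercase only, no IP address) can be checked for every engine before the URIs are entered in the Google console. The following Python check is an added example, not Extreme Networks or Google code; the function names and the sample engine host names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Top-level domains the NOTES above list as acceptable for the engine FQDN.
ALLOWED_TLDS = {"com", "net", "edu", "org", "mil", "gov", "int"}
REDIRECT_PATH = "/google_oauth"  # path from the URI format in step 11


def check_redirect_uri(uri):
    """Return a list of problems; an empty list means the URI follows the rules."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.path != REDIRECT_PATH or parts.query or parts.fragment:
        problems.append("path must be exactly " + REDIRECT_PATH)
    host = parts.netloc  # netloc keeps the case as typed; .hostname lowercases it
    if not host:
        return problems + ["missing host"]
    if "@" in host or ":" in host:
        problems.append("host must be a bare FQDN (no userinfo, port or IPv6 literal)")
        return problems
    try:
        ipaddress.ip_address(host)
        problems.append("IP address not accepted; use the engine FQDN")
        return problems
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    if host != host.lower():
        problems.append("host and domain suffix must be lowercase")
    labels = host.lower().split(".")
    if len(labels) < 2 or "" in labels or labels[-1] not in ALLOWED_TLDS:
        problems.append("FQDN must end in one of: " + ", ".join(sorted(ALLOWED_TLDS)))
    return problems


def audit(uris):
    """Map each candidate URI to its list of problems."""
    return {u: check_redirect_uri(u) for u in uris}


if __name__ == "__main__":
    # Constructed sample list; the .Local name is the one quoted in the NOTES.
    candidates = [
        "https://nac1.example.com/google_oauth",
        "https://MyGateway.MyCompany.Local/google_oauth",
        "https://192.0.2.10/google_oauth",
    ]
    for uri, problems in audit(candidates).items():
        print(uri, "->", "OK" if not problems else "; ".join(problems))
```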

Portal Configuration

The client ID and client secret assigned during the creation of the Google application must be provided in the Portal Configuration in order for the entire process to complete properly.

  1. Open the Control > Access Control tab.
  2. In the left-panel tree, expand Configuration > Captive Portals > Website Configuration and select Guest Registration.

  3. In the Customize Fields section, select the Open Editor button to open the Manage Custom Fields window where you can change registration portal fields. Google registration uses only the First Name, Last Name, and Email Address fields, and the Display Acceptable Use Policy (AUP) option. All other fields only apply to regular guest registration. If the Display AUP option is selected, the captive portal verifies that the AUP has been acknowledged before redirecting the user to Google.
  4. Select the Google Registration checkbox.
  5. Select Edit.
  6. Enter the client ID in the Google App ID field and the client secret in the App Secret field.
  7. Select Save. Warning messages display stating that Verification Method and Sponsorship are not used for Google registration, and that an FQDN is required and will be enabled.
  8. Enforce the new configuration to your engines.

How Google Registration Works

After you have configured Google registration using the steps above, this is how the registration process works:

  1. The end user attempts to access an external Web site. Their HTTP traffic is redirected to the captive portal.
  2. In the Guest Registration Portal, the end user selects the option to register using Google.
  3. The end user is redirected to the Google login. If the Acceptable Use Policy option is configured, the captive portal verifies that the AUP has been acknowledged before redirecting the user to Google.
  4. When logged in, the end user is presented with the information that ExtremeCloud IQ Site Engine receives from Google.
  5. The end user grants ExtremeCloud IQ Site Engine access to the Google information and is redirected back to the captive portal where they see a "Registration in Progress" message.
  6. Google provides the requested information to ExtremeCloud IQ Site Engine, which uses it to populate the user registration fields.
  7. The registration process completes and network access is granted.
  8. The word "Google" is added to the user name so you can easily search for Google registration via the Registration Administration web page.

Special Deployment Considerations

Read the following deployment considerations prior to configuring Google Registration.

To allow traffic to your network via a wireless connection, create an L7 host record for the Unregistered Role on your Wireless Controller for accounts.google.com and gstatic.com. These domains are subject to change and can vary based on location.

Networks using DNS Proxy

Google Registration for networks redirecting HTTP traffic to the captive portal using DNS Proxy requires additional configuration.

In order for Google Registration to work properly with DNS Proxy, all domains/URLs necessary to properly load the Google web page must be added to the Allowed URLs/Allowed Domains section of the captive portal configuration. Otherwise, the ExtremeControl engine resolves DNS queries for these components to the ExtremeControl engine IP causing the page to not load properly.

As of February 2017, you must add the following domain in order for Google registration to work with DNS Proxy. This domain is subject to change and can vary based on location.

accounts.google.com
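
Because the required domains can change, it helps to compare the host names a client requests while loading the Google login page against the Allowed Domains list. The following Python model of the DNS Proxy behaviour described above is an added example, not ExtremeControl code; the engine IP, the host list and the upstream addresses are constructed, and it assumes an Allowed Domains entry also covers its subdomains.

```python
ENGINE_IP = "192.0.2.10"  # constructed engine address (documentation range)


def is_allowed(hostname, allowed_domains):
    """True if hostname is an allowed domain or a subdomain of one.

    Assumption: an Allowed Domains entry also covers its subdomains. The match
    is made on label boundaries, so "notgstatic.com" is not covered by
    "gstatic.com".
    """
    host = hostname.lower().rstrip(".")
    for domain in allowed_domains:
        d = domain.lower().strip(".")
        if host == d or host.endswith("." + d):
            return True
    return False


def proxy_resolve(hostname, allowed_domains, upstream):
    """Names outside the allow list resolve to the engine IP; allowed names
    get the real (upstream) answer."""
    if is_allowed(hostname, allowed_domains):
        return upstream[hostname]
    return ENGINE_IP


def captured(hostnames, allowed_domains, upstream):
    """Host names an unregistered client would be sent to the engine for."""
    return [h for h in hostnames
            if proxy_resolve(h, allowed_domains, upstream) == ENGINE_IP]


# Constructed sample: host names noted while loading the login page, with
# made-up upstream answers. Replace with what your own clients request.
UPSTREAM = {
    "accounts.google.com": "198.51.100.7",
    "ssl.gstatic.com": "198.51.100.21",
    "notgstatic.com": "203.0.113.5",
}

if __name__ == "__main__":
    for allowed in (["accounts.google.com"], ["accounts.google.com", "gstatic.com"]):
        print(allowed, "-> still captured:", captured(UPSTREAM, allowed, UPSTREAM))
```

Any host name the login page needs that still appears in the captured list is a missing Allowed Domains entry.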

