How to Implement Facebook Registration

---

This Help topic describes the steps for implementing guest registration using Facebook as a way to obtain end user information.

In this scenario, the Guest Registration portal provides the option to register as a guest or log into Facebook in order to complete the registration process. If the end user selects the Facebook option, NAC uses OAuth to securely access the end user's Facebook account, obtain public end user data, and use that data to complete the registration process.

Guest Registration using Facebook has two main advantages:

• It provides NAC with a higher level of user information by obtaining information from the end user's Facebook account instead of relying on information entered by the end user.
• It provides an easier registration process for the end user. NAC retrieves the public information from the end user's Facebook account and uses that information to populate the name and email registration fields.

This topic includes information and instructions on:

• Requirements for Facebook Registration
• Creating a Facebook Application
• NAC Portal Configuration for Facebook
• How Facebook Registration Works
• Special Deployment Considerations
  • Networks using DNS Proxy

Requirements

These are the configuration requirements for Facebook Registration.

• The NAC Appliance must have Internet access in order to retrieve user information from Facebook.
• The NAC Unregistered access policy must allow access to the Facebook site (either allow all SSL or make allowances for Facebook servers).
• A Unique Facebook application must be created on the Facebook Developers page (see instructions below).
• The NAC Portal Configuration must have Facebook Registration enabled and include the Facebook Application ID and Secret (see instructions below).

Creating a Facebook Application

When implementing guest registration using Facebook, you must first create a Facebook application. This generates an Application ID and Application Secret that are required as part of the NAC OAuth process. Use the following steps to create a Facebook application.

1. Access the Facebook Developers page at https://developers.facebook.com/apps/. If you already have a Developers account you can log in, otherwise you must create a Developers account.
2. Once logged in, click the Create New App button to open the Create a New App dialogue.
   
   
3. The Create a New App window opens. Enter a Display Name and select a category for your app. The Display Name is the name of the app that will be presented to the end-user when they grant NAC access to their Facebook information and should clearly indicate what its purpose is, for example, Extreme Networks Guest Registration. Click Create App.
   
   
4. The Dashboard view opens and displays information about the new app including an App ID and an App Secret.
   
   
5. In the left panel, select Settings.
6. Enter in a valid domain name for the NAC Appliances in the App Domains field in the right-panel Basic tab. For example, if the NAC Appliance to which users are connecting is NACAppliance.AbcCompany.com, enter "abccompany.com" in the App Domain field.
   
   
7. Enter a Contact Email.
8. Click Add Platform.

9. Select Website in the Add Platform options. The Platform window opens.

   

10. Enter the domain name you added in the App Domain field in step 5 in the Site URL field.
11. Click Save Changes.
12. In the Advanced tab, enter the Valid OAuth redirect URIs. A redirect URI is required to redirect the user back to the appliance with an Access Token that NAC uses to access the user account and retrieve the user data. The Redirection URI should be in the following format:
    
    https:// <NAC appliance FQDN>/fb_oauth
    
    A Redirection URI must be added for each NAC appliance where end users can register via Facebook.
    
    Scroll down and click Save Changes.
    
    
    
13. In the left panel, select Status & Review. In the right-panel you will see a top section with the question "Do you want to make this app and all its live features available to the general public?" Select Yes and confirm your selection.
    
    Under the Login Permissions section, you will see a list of default permissions that provide access to end user data. (For more information on setting permissions, see https://developers.facebook.com/docs/facebook-login/permissions#reference.)
    
    
14. Your application is created and ready to use. You must now add the App ID and App Secret to your NAC portal configuration.

NAC Portal Configuration

The Application ID and Application Secret assigned during the creation of the Facebook application must be provided in the NAC Portal Configuration in order for the entire process to complete properly.

1. Use the NAC Manager toolbar button to open the NAC Configuration window.
2. In the left-panel tree, expand the Portal icon and select Guest Registration.
   
   
3. In the Customize Fields section, click the "change" link to open the Manage Custom Fields window where you can change registration portal fields. Facebook registration uses only the First Name, Last Name, and Email Address fields, and the Display Acceptable Use Policy (AUP) option. All other fields only apply to regular guest registration. If the Display AUP option is selected, the captive portal will verify that the AUP has been acknowledged before redirecting the user to Facebook.
4. Select the Facebook Registration checkbox.
5. Enter the Facebook App ID and Facebook App Secret.
6. Click Save. You will see some warnings messages stating that Verification Method and Sponsorship are not used for Facebook registration, and that an FDQN is required and will be enabled.
7. Enforce the new configuration to your appliances.

How Facebook Registration Works

Once you have configured Facebook registration using the steps above, the registration process will work like this:

1. The end user attempts to access an external Web site. Their HTTP traffic is redirected to NAC’s captive portal.
2. In the Guest Registration Portal, the end user selects the option to register using Facebook.
3. The end user is redirected to the Facebook login. If Acceptable Use Policy option is configured, the captive portal will verify that the AUP has been acknowledged before redirecting the user to Facebook.
4. Once logged in, the end user is presented with the information that NAC will receive from Facebook.
5. The end user grants NAC access to the Facebook information and is redirected back to NAC's captive portal where they see a "Registration in Progress" message.
6. Facebook provides the requested information to NAC, which uses it to populate the user registration fields.
7. The registration process completes and network access is granted.
8. The word "Facebook" is added to the user name so that you can easily search for Facebook registration via the Registration Administration web page.

Special Deployment Considerations

Please read through the following deployment consideration prior to configuring Facebook Registration.

Networks using DNS Proxy

Facebook Registration for networks redirecting HTTP traffic to the NAC captive portal using DNS Proxy requires additional configuration.

In order for Facebook Registration to work properly with DNS Proxy, all domains/URLs necessary to properly load the Facebook web page must be added to the Allowed URLs/Allowed Domains section of the captive portal configuration. Otherwise, the NAC appliance will resolve DNS queries for these components to the NAC appliance IP causing the page to not load properly.

As of July 26, 2014, you must add the following domains in order for Facebook registration to work with DNS Proxy. These domains are subject to change and may vary based on location.

Facebook.com
fbstatic-a.akamaihd.net
fbcdn-profile-a.akamaihd.net
fbcdn-photos-c-a.akamaihd.net

---

Related Information

• Portal Configuration
• How to Set Up Registration