10-14-2021 10:27 AM
I am trying to use the social login feature that was just released in SmartZone v6.0 but am running into significant roadblocks. I would like to know if anyone has managed to get this feature working and would be willing to share a sanitized version of their configuration. Specifically, I am trying to use Google for authentication only.
Support has helped me through a few hurdles, but even they do not have any documentation for this brand new feature and we seem to be stuck. This new feature in SmartZone seems very similar to the existing one in Unleashed, but the documentation for Unleashed doesn't solve our issues.
After whitelisting a whole pile of domains to support our Okta/Clever/SAML sign-in process, I managed to sign in with a Google account and get all the way to the point where it feels like I'm about to be authenticated and redirected back to the page I was trying to reach... when suddenly a new tab opens with the classic "generate 204" URL (the link varies based on the browser) and I'm not able to continue any farther.
I am starting to wonder if Ruckus released a feature that is not functional. Any help would be appreciated.
10-14-2021 12:02 PM
I haven't tested the specific feature, but keep in mind that Google is greatly limiting any logins (OAuth2) in the embedded browsers. Any luck if you open the login in a "full" browser or on a desktop client? (Although it seems you do get to the point that a username/password is asked, so maybe it's just a red herring.)
10-14-2021 12:11 PM
All of my testing so far has been on desktop clients; I have not tried mobile yet. I have tried Edge, Chrome and Firefox so far. Interestingly, I was able to complete authentication in Firefox since it allows you the option to "continue to an unsecure page", unlike the other browsers.
At this point it seems there might be a certificate issue, but I'm hoping someone might be able to come along and provide a write-up on how they got this feature working.
10-14-2021 01:51 PM
Good to know... You might run into issues with Google on mobile (with the built-in "captive portal" web browser).
Also, one of the more annoying things is that, since you have to whitelist so many hosts/URLs for Google login to work, a lot of the automatic captive portal detection might stop working, with less-than-ideal experiences for users.
01-20-2022 10:02 AM
Update for anyone following.
My case has been escalated to senior engineers within Ruckus. Support and I have gone back and forth for months but their recommended configuration is not working. I have gotten the distinct impression that the feature does not work. Documentation doesn't exist for this feature internally, and it seems my environment has been the guinea pig for Ruckus to test this feature in. Hopefully all the diagnostics, logs, and packet captures we've taken will help to produce a hotfix.
Best I can tell, the root of the problem appears to be that the final redirect in this whole authentication process attempts to send you to a completely different web portal (possibly a WISPr portal) than the one you configure a DNS entry and certificates for. As a result there's a major issue between the URL and the certificates and no modern browser is going to let that redirect happen.