captive portal with Google Workstation
-
Hi, I wanted to configure pfsense to display a captive portal in which to enter Google Workstation credentials to access the Internet. I wanted to know: once I enter these credentials, will the device be registered so it will no longer be necessary to enter them, or will they be requested again after a certain period of inactivity? Thank you
-
@leonida368
Who registers what where ?I don't know what a "Google Workstation" is (Google makes devices now ?) but you can't grab some personal identification on a captive portal login page from an 'unknown' portal connected user, and then contact a Google API and ask : "Here is the user ID I have, is this ok ?"
edit : Google Workstation = Google doesn't know what that is neither. Now I'm getting curious ...
Without entering the rocket science stage, you can do this : FreeRadius on pfSense software for Two Factor Authentication
You can create your own captive portal login page, and ask a connected user whatever you want, but as soon as these are email addresses and other personal stuff, don't be surprised that no one want to connect to your portal.
Dealing with the info you've collected is a job you have to do yourself. This means probably some serious adapting of the existing code & scripts.A captive portal is meant to be used by people that you don't know, that you don't trust (= you don't want their devices on your trusted LAN), they don't know you, and these visitors just need an "Internet access" for some short time.
-
@Gertjan forgive me I meant Google Workspace (formerly Gsuite)
-
Let me get this clear : you want to collect the Google account info from some one (login and password to be entered on a captive portal login page) and then have pfSense check up with Google if the account info is valid ?
-
@Gertjan that's right, our client is a school that has a delivery with Google Workspace and all teachers have an account with it. The school director would like access to the Internet via browser to be subject to the inclusion of these credentials in a captive portal
-
You can setup Google Cloud as an authentication server and then use that.
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsuite.html
-
@stephenw10 ok thanks, in fact, this is exactly the article I intended to study. I just wanted to understand if the captive portal comes out every time after a certain period of inactivity or what the criterion is.
I ask you this, because the school has several devices on which various teachers work alternately and therefore they must be able to access from time to time with their Gogle Workspace account -
Ah, ok.
Something like this : Work or school Google Account ?
Which means the account that the potential portal users use has been created by the school.If so, ask the school's Google administrator ? as you'll be needing him.
Maybe Google has some API that permits you to do this .... and if so, then yeah, why not. -
The Captive Portal can be configured to do either.
-
@Gertjan said in captive portal with Google Workstation:
Ah, ok.
Something like this : Work or school Google Account ?
Which means the account that the potential portal users use has been created by the school.If so, ask the school's Google administrator ? as you'll be needing him.
Maybe Google has some API that permits you to do this .... and if so, then yeah, why not.yes I have already contacted the admin to do it, in the past I have already done it with Packetfence by creating an LDAP client in the Google Workstation admin console and then configuring the join with it. I just wanted to understand if the captive portal comes out every time after a certain period of inactivity or what the criterion is.
-
@stephenw10 ah ok. Thanks
-
hi @Gertjan thanks for the replies
