Authenticating Users with Google Cloud Identity
-
@leonida368 said in Authenticating Users with Google Cloud Identity:
but since at my client the teachers alternate within the class in a few minutes
Give the teachers the 'rights' to use this button :
With one click : all users disconnected.
Check also here : Diagnostics > Limiter Info
The entries (pipes actually) still shown are the devices you've listed under :
@leonida368 said in Authenticating Users with Google Cloud Identity:
(we saw it together just go back in this discussion)
I remember. I can't reproduce that. My "Idle timeout (Minutes)" seems to work fine.
-
Hi @Gertjan, thank you for the idea, but thinking that a teacher can connect to Pfs go to Status / Captive Portal and carry out operations is truly as unfeasible as possible.
Furthermore, the user must log out only himself, not everyone together, because everyone has different end times for the lesson.
Since we have now enabled popups on the customer's devices, couldn't we try to make the logout popup work? Or find another way for the user to log out? Thank you -
@leonida368 said in Authenticating Users with Google Cloud Identity:
thank you for the idea, but thinking that a teacher can connect to Pfs go to Status / Captive Portal and carry out operations is truly as unfeasible as possible.
Can't trust teachers ? Woow. There are some strange places these days.
But I wasn't saying you had to give the teacher the admin account. It's very possible to create another pfSense user and give this 'teacher' user only limited access, like the captive portal status page, where he can log them all out, or just some.@leonida368 said in Authenticating Users with Google Cloud Identity:
Since we have now enabled popups on the customer's devices, couldn't we try to make the logout popup work?
Work or not, most hand hold devices (phones etc) don't use the default browser as the browser to login to a captive portal. For example, the browser the iPhones use, is a subnet browser of safari, not the system user default browser, so no cookies, no session keeping. And this browser doesn't allow popups.
Other devices, like ordinary windows based PCs and laptop behave fine.And even if the popup was dismissed (close), visiting again the portal login URL :
https://portal.your-domaine.tld:8003/index.php?zone=CPZONEwill not show the login page, as the user is already logged in, but the logout page, with a logout button.
@leonida368 said in Authenticating Users with Google Cloud Identity:
couldn't we try to make the logout popup work?
It isn't broken.
The fact that your Idle timout isn't working 'very well' is already strange. It's a core pf functionality, and isn't pfSense, but actually build into kernel FreeBSD.
As soon as you you what's wrong, you've solved your issue.@leonida368 said in Authenticating Users with Google Cloud Identity:
Or find another way for the user to log out?
All possible ways are already mentioned.
I haven't found any other ways in the manual (the source code).Recently, a new method was created.
Look on the forum (captive portal) for the "DHCP 114" method.
It's an upcoming RFC draft. Apple (and Microsoft and the original Samsung OS phones - clone OSes : no yet).
I have no, under the SSID properties a link to a portal "Status page". The URL I gave the the status page is the logout URL. So no need to type it the URL mentioned above.
To use this "DHCP 114" method, no need to edit any pfSense file.
There is just one PHP file to upload.
You have to use ISC DHCP, not KEA, as you have to add a DHCP option. Number 114.The value of the option, type is String, must be :
"https://portal.your-domaine.tld:8003/rfc8910.php?zone=cpzone1"
Where 'portal.your-domaine.tld' is the HTTPS server name of the portal.
8003 is the TLS port used.
'rfc8910.php' is the name of the file you've uploaded.
'cpzone1' is the name of the SSID zone.
