Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About This Guide
- ABOUT THIS GUIDE
  - Notational Conventions
Introduction
- WiNG CLI Structure
User Exec Mode Commands
- USER EXEC MODE COMMANDS
  - user-exec-commands
Privileged Exec Mode Commands
- PRIVILEGED EXEC MODE COMMANDS
  - privileged-exec-commands
Global Configuration Mode Commands
- GLOBAL CONFIGURATION COMMANDS
  - global-config-commands
Common Commands
- COMMON COMMANDS
  - common-commands
    - clrscr
    - commit
    - exit
    - help
    - no
    - revert
    - service
    - show
    - write
Show Commands
- SHOW COMMANDS
  - show-commands
    - show
    - adoption
    - bluetooth
    - boot
    - bonjour
    - captive-portal
    - captive-portal-page-upload (show commands)
    - cdp
    - classify-url
    - clock
    - cluster
    - cmp-factory-certs
    - commands
    - context
    - critical-resources
    - crypto
    - database
    - device-upgrade
    - dot1x
    - dpi
    - environmental-sensor
    - event-history
    - event-system-policy
    - ex3500
    - extdev
    - fabric-attach
    - file
    - file-sync
    - firewall
    - global
    - gps (show command)
    - gre
    - guest-registration
    - interface
    - iot-device-type-imagotag
    - ip
    - ip-access-list-stats
    - ipv6
    - ipv6-access-list
    - l2tpv3
    - lacp
    - ldap-agent
    - licenses
    - lldp
    - logging
    - mac-access-list-stats
    - mac-address-table
    - macauth
    - mac-auth-clients
    - mint
    - ntp
    - password-encryption
    - pppoe-client
    - privilege
    - radius
    - reload
    - rf-domain-manager
    - role
    - route-maps
    - rtls
    - running-config
    - session-changes
    - session-config
    - sessions
    - site-config-diff
    - smart-rf
    - snmpv3 (show command)
    - spanning-tree
    - startup-config
    - t5
    - terminal
    - timezone
    - traffic-shape
    - tron (show command)
    - upgrade-status
    - version
    - vrrp
    - virtual-machine
    - wireless
    - web-filter
    - what
    - wwan
Profile Commands
- PROFILES
AAA Policy
- AAA-POLICY
  - aaa-policy-commands
Auto-Provisioning Policy
- AUTO-PROVISIONING-POLICY
  - auto-provisioning-policy-commands
Association-ACL Policy
- ASSOCIATION-ACL-POLICY
  - Association-acl-policy-commands
    - deny
    - permit
    - no
Access-List Policy
- ACCESS-LIST
DHCP Policy
- DHCP-SERVER-POLICY
  - dhcp-server-policy commands
  - dhcpv6-server-policy commands
Firewall Policy
- FIREWALL-POLICY
  - firewall-policy-commands
    - acl-logging
    - alg
    - clamp
    - dhcp-offer-convert
    - dns-snoop
    - firewall
    - flow
    - ip
    - ip-mac
    - ipv6
    - ipv6-mac
    - logging
    - proxy-arp
    - proxy-nd
    - stateful-packet-inspection-12
    - storm-control
    - virtual-defragmentation
    - no
MiNT Policy
- MINT-POLICY
  - mint-policy-commands
    - level
    - lsp
    - mtu
    - router
    - udp
    - no
Management Policy
- MANAGEMENT-POLICY
  - management-policy-commands
RADIUS Policy
- RADIUS-POLICY
  - radius-group
    - guest
    - policy
    - rate-limit
    - no
  - radius-server-policy
    - authentication
    - bypass
    - chase-referral
    - crl-check
    - ldap-agent
    - ldap-group-verification
    - ldap-server
    - local
    - nas
    - proxy
    - session-resumption
    - termination
    - use
    - no
  - radius-user-pool-policy
    - duration
    - user
    - no
Radio QoS Policy
- RADIO-QOS-POLICY
  - radio-qos-policy-commands
Role Policy
- ROLE-POLICY
  - role-policy-commands
Smart-RF Policy
- SMART-RF-POLICY
  - smart-rf-policy commands
WIPS Policy
- WIPS-POLICY
  - wips-policy-commands
WLAN QoS Policy
- WLAN-QOS-POLICY
  - WLAN-QOS-Policy commands
L2TPv3 Policy
- L2TPV3-POLICY
Router Mode Commands
- ROUTER-MODE
  - router-mode-commands
Routing Policy
- ROUTING-POLICY
  - routing-policy-commands
AAA_TACACS Policy
- AAA-TACACS-POLICY
  - aaa-tacacs-policy-commands
Meshpoint Policy
- MESHPOINT
Passpoint Policy
- PASSPOINT POLICY
  - passpoint-policy
Crypto-CMP Policy
- CRYPTO-CMP-POLICY
  - crypto-cmp-policy-instance
  - other-cmp-related-commands
    - use (other-cmp-related-commands)
    - show (other-cmp-related-commands)
Roaming-Assist Policy
- ROAMING ASSIST POLICY
  - roaming-assist-policy commands
Border Gateway Policy
- BORDER GATEWAY PROTOCOL
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN

oauth

Enables OAuth-driven Google and/or Facebook authentication on captive portals that use internal Web pages.

To enable Google and Facebook captive-portal authentication:

Enforce captive-portal authentication on the WLAN to which wireless-clients associate. For information, see captive-portal-enforcement.
Set captive-portal Web page location to internal. For more information, see webpage-location.
Register your captive-portal individually on Google/FaceBook APIs and generate a client-id and client-secret. The client-ids retrieved during registration are the IDs for the application running on the access point/controller. The application uses these client-ids to access the Google and Facebook Auth APIs, and authenticate the guest client on behalf of the user.

If enabling OAuth-driven Google and/or Facebook authentication on the captive portal, use this command to configure the Google/Facebook client-ids. Once enabled, the captive portal landing page, displayed on the client‘s browser, provides the Facebook and Google login buttons.

Supported in the following platforms:

Access Points — AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP7632, AP7662, AP8163, AP8432, AP8533
Wireless Controller — RFS4010
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

oauth

oauth client-id [facebook|google] <WORD>

Parameters

oauth

oauth

Execute this command without the associated keywords to enable OAuth on this captive-portal. If enabling OAuth, ensure the captive-portal Web page location is configured as advanced or external.

oauth client-id [facebook|google] <WORD>

oauth client-id [facebook|google] <WORD>

Configures the client-ids retrieved from the Google and Facebook API manager portals during registration

facebook – Configures the Facebook API client-id (is a 15 digit entity)
google – Configures the Google API client-id (is a 12 digit number)
- <WORD> – Provide the Facebook/Google client-id.

If the captive-portal Web page location is advanced or external, and you are enabling OAuth support, you need not configure the client-id. In such a scenario, the client-id is configured through the EGuest server UI and not the CLI.

Example (User Exec Mode)

nx7500-6DCD39(config-captive-portal-test2)#OAuth

nx7500-6DCD39(config-captive-portal-test2)#OAuth client-id Google xxxxxxxxxxxx.apps.googleusercontent.com Facebook yyyyyyyyyyyyyyy

nx7500-6DCD39(config-captive-portal-test2)#show context
captive-portal test2
 server host guest.social.com 
  oauth
  oauth client-id Google xxxxxxxxxxxx.apps.googleusercontent.com Facebook yyyyyyyyyyyyyyy

nx7500-6DCD39(config-captive-portal-test)#

In the above example,

xxxxxxxxxxxx - Is the 12 digit numeric part of your Google client-id.
yyyyyyyyyyyyyyy - Is the 15 digit Facebook client-id

Related Commands

no	Removes all OAuth client identities configured for this captive portal

Published August 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback