Solved: Re: ISE facebook integration

Qingguo Zhang · ‎06-26-2018

Hello team experts

We are planning to ingrate facebook for guest access in our SDA setup .

1. Do we need public IP for ISE to connect with facebook ? how does ISE know user facebook login status ?

2. If we need public IP of ISE, can it be a FQDN in the redirect URL , which is used for user to resolve a internal IP and for facebook to resolve to a public IP ?

thanks

Qingguo

Jason Kunst · ‎06-26-2018

https://communities.cisco.com/docs/DOC-73960 has all the information needed

No public IP is needed

OAUTH determines login token status

View solution in original post

Jason Kunst · ‎06-26-2018

https://communities.cisco.com/docs/DOC-73960 has all the information needed

No public IP is needed

OAUTH determines login token status

hslai · ‎06-26-2018

Adding to Jason's ...

On 1, ISE does not need a public IP for any of its interface. However, ISE does need allowed to initiate outbound connections to Facebook in the Internet.

On 2, ISE FQDN can resolve to a RFC 1918 address and Facebook will go to the real Facebook portal in the Internet.

Qingguo Zhang · ‎06-26-2018

Thanks hslai and Jason.

Any detailed call flow for facebook integration ?

Jason Kunst · ‎06-26-2018

I added some a pDF with screenshots to the bottom of this posting.

https://communities.cisco.com/docs/DOC-75003