Wi5stars-External Authentications
Administrator Manual
External Authentications

It allows you to define the parameters required to enable external user authentication procedures. External procedure refers to a social network, LDAP, OAuth requests, etc. that may identify the users and provide data to the system.

This page contains the following fields:

Social Networks

Field Description
Facebook App ID Facebook application ID.
Facebook App Secret Secret of Facebook application.
Twitter API Key Twitter application API key.
Twitter API Secret Secret of Twitter application.
Google Client ID Google client ID.
Google Secret Secret of Google application.
Google API Key Allows defining the Google API Key as to get the Google services privately.
To enable the services that are necessary for the proper functioning of the Wi5stars, please proceed as described in the “How you can get an API Key and enable the APIs“.
LinkedIn Client ID LinkedIn client ID.
LinkedIn Secret Secret of LinkedIn application.
Flickr API Key Flickr API key. It enables you to display the images from Flickr in the Welcome Portal. The activation is executed by templates.
Amazon Client ID Amazon client ID
Amazon Client Secret Secret of Amazon application.
VKontakte App ID VKontakte App ID
VKontakte App Secret Secret of VKontakte application.

Wi5stars allows you to integrate with some social networks to access authentication services and images and videos recovery. Users who connect to a hotspot can then log in through social networks Facebook, Twitter, Google+, LinkedIn, Amazon, VKontakte or a Custom OAuth server. Moreover, you can also get images and video content from other social networks such as: Flickr; YouTube.

To activate these features, it may be necessary to create applications, create pages or enter some definitions for each social network. For further details about how to retrieve the values to insert in the fields, please refer to the concerned section of this manual titled “Social Networks“.

LDAP Authentication

In this section, you can define the parameters necessary to integrate an LDAP authentication server in order to authenticate users with credentials of the local network.
As for OAuth, users will be shown an additional social network with the image, title and colour defined. By clicking, users will be sent back to the “URL of the Redirect Server” in which they have to enter their credentials. At the confirmation, the user will be redirected to the Welcome Portal to complete the initial registration as defined in the domain.

Manageable fields on this page are as follows:

Field Description
Server IP addresses or FQDN domains, separated by comma, with which to reach the LDAP server.
If you have to connect a port other than the standard (389), define the address or the domain and enter the port after the colon. Example: 192.168.0.5:12345
Domain Name Name of the domain assigned to the local network.
Organizational Units Name of the Organizational Units, containing the users of the LDAP that can authenticate. If a user is not part of the organizational units that have been specified, it will not be able to log in and so access to the internet.
Title Short title of the OAuth application displayed to users.
Background Color The background color displayed in the login App.
Text Color The background color displayed in the login App.
Image to Display Image to display in the Welcome Portal. Recommended size 32×32 pixels.

OAuth Custom Authentication

In this section, you can enter the parameters required to integrate a custom OAuth external authentication server in order to authenticate users as for social networks.
In practice, users will be shown an additional social network with the image, title and colour defined. By clicking, users will be sent back to the “URL of the Redirect Server” in which they have to enter their credentials. At the confirmation, user will be redirected to the Welcome Portal to complete the initial registration as defined in the domain.
To successfully complete the OAuth server configuration, you have to know the features and parameters required.

Manageable fields on this page are as follows:

Field Description
Title Short title of the OAuth application displayed to user.
Client ID Client ID for the custom OAuth authentication
Client Secret Client secret for the custom OAuth authentication.
OAuth Version Version of OAuth. The possible values are:
  • 1.0
  • 1.0a
  • 2.0
URL to Require the Initial Token URL of the OAuth server to require the initial token for OAuth servers 1.0 and 1.0a.
URL to Require the URL of the Access token URL of the OAuth server that returns the URL of the access token. In the URL, you can use the variable:
  • {SCOPE}
Access Token Type Type of access token to take when the OAuth server does not specify it.
URL of the Redirect Server URL of the OAuth server to redirect the user for the authentication request. In the URL, you can use the following variables:
  • {REDIRECT_URI}
  • {CLIENT_ID}
  • {SCOPE}
  • {STATE}
  • {API_KEY}
HTTP Method to Request Access Token Set this variable on POST if the OAuth server does not support the token request using the HTTP GET method. The possible variables are:
  • GET;
  • POST
HTTP Method that Returns the Access Token Set the method with which the access token is returned.
Define “HASH” if it is returned in GET with a hashtag.
The possible values are:
  • GET;
  • HASH
Field Name for the Access Token Name of the field returned in the HASH that contains the access token.
Field available only if you have selected “HASH” in “HTTP Method that Returns the Access Token”.
OAuth Parameters Passed through HTTP Authorization Enable this check if the OAuth server requires that the AOuth parameters are passed using HTTP authorization instead of the URL parameters of the request.
Required Permissions to the OAuth Server Based on the OAuth server documentation, define the identifiers of the authorization (Scope) that user must grant. More identifiers must be separated by commas.
URL of the API that Returns the User’s Data Based on the OAuth server documentation, define the API’s URL, completed with endpoint, which allows to obtain the user’s data.
Parameters Passed in the URL Enable this check if the API call requires that parameters be passed via URL.
Name of the Variable that Contains the Username Indicate the name of the variable, contained in the data returned by the OAuth authentication, which contains the username. Multiple field names can be passed, separated by commas. The first name available will be uploaded.
Name of the Variable that Contains the First Name Indicate, if available, the variable name, contained in the data returned by the OAuth authentication, which contains the user’s first name.
Name of the Variable that Contains the Last Name Indicate, if available, the variable name, contained in the data returned by the OAuth authentication, which contains the user’s last name.
Name of the Variable that Contains the Email Address Indicate, if available, the variable name, contained in the data returned by the OAuth authentication, which contains the user’s email address.
Background Color Background color displayed in the login App.
Text Color Text color displayed in the login App.
Image to Display Image to display in the Welcome Portal. The recommended size 32x32pixel.

If the OAuth server, for security reasons, provides for the declaration of the authorized URL for the requests, enter the following URL: http://DomainName/social/customoauth1login.php.