hotspot with google account

RouterOS General
1

Hello,

is possible to use google account for authenticate hotspot user?

Thanks

2

Yes.

edit: You can access your Google account if you are an authenticated hotspot user.

3

:open_mouth:

i would like use google users account for login in hotspot instread of local radius. :smiley:

4

:open_mouth: No.

5

well, maybe you can. depends on what your RADIUS can do. maybe if you can teach RADIUS to interact with google via their API …

6

@normis: How can you do that? Does Google allow other applications use their customer database? That sounds dangerous for them. Do you have a link to the authentication API?

BTW: If I found one of my employees allowed a third party, off site application to hack my database, they would have something else to do tomorrow, since they wouldn’t have a job here.

7

Many Blogs offer to use Google credentials to sign in for making comments. Many web services allow “logging in” using google login (tripit.com for example):

https://developers.google.com/accounts/
http://blog.loginradius.com/2012/09/google-oauth-2-0-api-now-integrated-with-loginradius-saas-solution/
https://developers.google.com/accounts/docs/OAuth2

some discussion on the topic:
http://freeradius.1045715.n5.nabble.com/Oauth2-Google-td5513126.html

8

The person who allowed that would be unemployed here. No wonder these companies get hacked. :open_mouth:

9

nobody sees the passwords. the google api replies “OK” if the password matches.

10

consider this - in our country, most banks offer their banking acccount as “e-ID” for logging into other web services (libraries, voting systems, public documents from government etc). if that would be insecure, certainly some issues would arise very soon :slight_smile:

11

Thanks, normis. Maybe you are right, but I would not want to be the banking customer who had his/her account emptied due to something like that.

When I get a chance, I’ll take a look at the Google API and see if I can hack it.

edit: Maybe I am just paranoid, but I don’t allow login attempts from anywhere but my hotspot localnets. The RADIUS server firewall blocks everything else.

…and I mean “hack” as to insert code into the php/mysql code to interface with MikroTik, not get your user/passwords. :wink:

12

I think the ideal solution would be SAML v2 service provider support on the ros devices so that way you could authenticate against any trusted SAML v2 identity provider. You would have to configure the trust relationship so unknown users would not be an issue.