RADIUSdesk

Trace: coova_json activity_monitor

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
user_guide:chilli:coova_json [2021/02/04 08:00] – [status] adminuser_guide:chilli:coova_json [2021/02/04 09:07] (current) – [logoff] admin
Line 96: Line 96:
  
 ==== logon ==== ==== logon ====
 +  * The logon process consists of three calls
 +        * Doing a status call to get the latest challenge from the status reply
 +        * Doing a call the the UAM encryption service on the RADIUSdesk back-end by calling the uam.php script.
 +        * Using the returned hash value together with the username to to a call to the JSON login end-point.
 +
 +=== Get the latest challenge ===
 +  * Each time we do a call to the **status** end point we get a new challenge in the reply.
 +  * CoovaChilli remembers the last challenge it generated for a client (when they are not logged in) and uses that during the login process.
 +  * This is why its good practice to do a **status** call as step one of the login process to get a fresh challenge from CoovaChilli. (There is an expiry on the challenge which is why we go this route to ensure we have a current value that has not expired yet)
 +  * The call to the status end point was already covered earlier in the document. From it you can see there is a **challenge** item.
 +
 +=== Encrypt the Challenge and Password ===
 +  * RADIUSdesk includes a UAM service that takes the challenge, the user's password along with a common uam secret to generate a encrypred value that it uses on the logon end point to authenticate the user.
 +  * Here is a sample call that you can use as reference
 +  * http://hotspot.radiusdesk.com/login/services/uam.php?callback=jQuery331012987580313312852_1612418453858&challenge=e04003303e72cdd7fd30ef11af977985&password=click_to_connect&_=1612418453861
 +  * And here is the result
 +<code javascript>
 +jQuery331012987580313312852_1612418453858(
 +   {
 +       'response':'7215ee77b34e83ced8f816ec3f2bf2c3'
 +    }
 +)
 +</code>
 +
 +<WRAP center round tip 90%>
 +  * You will replace **hotspot.radiusdesk.com** with the FQDN or IP Address of your own server
 +</WRAP>
 +
 +=== Call the logon JSON endpoint ===
 +  * We can now use the response as the value of **password** when we do the logon JSON call
 +  * http://10.1.0.1:3990/json/logon?callback=jQuery331012987580313312852_1612418453858&username=click_to_connect%40demo1&password=7215ee77b34e83ced8f816ec3f2bf2c3&_=1612418453862
 +  * Alternative format
 +<code javascript>
 +{
 + "GET": {
 + "scheme": "http",
 + "host": "10.1.0.1:3990",
 + "filename": "/json/logon",
 + "query": {
 + "callback": "jQuery331036884032348716045_1612421095535",
 + "username": "click_to_connect@demo1",
 + "password": "7215ee77b34e83ced8f816ec3f2bf2c3",
 + "_": "1612421095539"
 + },
 + "remote": {
 + "Address": "10.1.0.1:3990"
 + }
 + }
 +}
 +</code>
 +
 +  * And here's the response of a successful logon
 +
 +<code javascript>
 +{
 + "version": "1.0",
 + "clientState": 1,
 + "nasid": "ZA-VM1",
 + "redir": {
 + "originalURL": "http://detectportal.firefox.com/success.txt",
 + "redirectionURL": "",
 + "logoutURL": "http://10.1.0.1:3990/logoff",
 + "ipAddress": "10.1.0.2",
 + "macAddress": "28-D2-44-20-04-8D"
 + },
 + "session": {
 + "sessionId": "161241843700000001",
 + "userName": "click_to_connect@demo1",
 + "startTime": 1612418460,
 + "sessionTimeout": 180,
 + "terminateTime": 0,
 + "idleTimeout": 0
 + },
 + "accounting": {
 + "sessionTime": 0,
 + "idleTime": 0,
 + "inputOctets": 0,
 + "outputOctets": 0,
 + "inputGigawords": 0,
 + "outputGigawords": 0,
 + "viewPoint": "client"
 + }
 +}
 +</code>
 +
 +
 +==== logoff ====
 +  * The last JSON end point is **logoff**
 +  * Here is the call and the results
 +  * http://10.1.0.1:3990/json/logoff?callback=jQuery331012987580313312852_1612418453858&_=1612418453865
 +  * Alternative
 +
 +<code javascript>
 +{
 + "GET": {
 + "scheme": "http",
 + "host": "10.1.0.1:3990",
 + "filename": "/json/logon",
 + "query": {
 + "callback": "jQuery331036884032348716045_1612421095535",
 + "username": "click_to_connect@demo1",
 + "password": "d24ae9fbf467e62642d1f4963016aca6",
 + "_": "1612421095539"
 + },
 + "remote": {
 + "Address": "10.1.0.1:3990"
 + }
 + }
 +}
 +</code>
 +
 +  * Repsonse
 + 
 +<code javascript>
 +{
 + "version": "1.0",
 + "clientState": 0,
 + "nasid": "ZA-VM1",
 + "challenge": "efad131ebc031da777a4b7957eb58299",
 + "session": {
 + "sessionId": "161242107800000001",
 + "userName": "click_to_connect@demo1",
 + "startTime": 1612421102,
 + "sessionTimeout": 180,
 + "terminateTime": 0,
 + "idleTimeout": 0
 + },
 + "accounting": {
 + "sessionTime": 0,
 + "idleTime": 0,
 + "inputOctets": 0,
 + "outputOctets": 0,
 + "inputGigawords": 0,
 + "outputGigawords": 0,
 + "viewPoint": "client"
 + }
 +}
 +</code>
 +
 +  * As you can see the reply is pretty much the same than logon but the **clientstate** is now **0** meaning it logged off fine.
 +
  
-==== llogoff ==== 
  
  
Last modified: 2021/02/04 08:00