On Jul 10, 2018, at 6:37 AM, Zenon Mousmoulas <zmousm@noc.grnet.gr> wrote:
July 10, 2018 1:18 PM, "Rohith Asrk" <rohith.asrk@gmail.com> wrote:
I actually think I got my basics wrong here. Sorry for all the confusion. Please ignore the previous mail.
What I actually need is configuring the FreeRADIUS daemon to send requests to the API. And the API here needs token in the form of a authorization header or a querystring.
Can I configure FreeRADIUS to send HTTP requests to the API with bearer authorization in the headers? As of now, the rest module configuration looks like this <http://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> [1].
The API is going to check for tokens in the headers or in the query strings and we want the FreeRADIUS instance to be an authorized user.
No mention of HTTP auth in the linked doc.
So rlm_rest supports a number of options for that, but not bearer. Just adding that as a header might work though:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-avail...
It does, i've done it. map json "%{rest_subsc:POST https://${modules.rest[rest_subsc].username}:${modules.rest[rest_subsc].password}@${modules.rest[rest_subsc].server}:${modules.rest[rest_subsc].port}/oauthv2/token grant_type=client_credentialst}" { &control:Cache-TTL := '$.expires_in' &control:Tmp-String-0 := '$.access_token' &control:Tmp-String-1 := '$.token_type' } timer_record_rest_subsc if (&reply:REST-HTTP-Status-Code && (&reply:REST-HTTP-Status-Code != 200)) { fail } # Access token should be pre-base64 encoded by the server update control { &REST-HTTP-Header += "Authorization: Bearer %{control:Tmp-String-0}" } # Issue request with new token rest The map/json/rest xlat are all specific to v4 for, so you'd need to figure out how to do it on your own in v3. I'd recommend caching the token using the cache module once you have it. -Arran