Hi Arran and Zenon, Thank you for your replies. I've tried configuring my authorize section to send a token in the bearer header whenever a authorize request is sent. I've failed at doing it maybe because I'm a beginner to FreeRADIUS. My authorize section looks like the following. authorize { uri = "${..connect_uri}/api/authorize/" method = 'post' body = 'json' data = '{"username": "%{User-Name}", "password": "%{User-Password}"}' tls = ${..tls} # Confused about this section. update control { &REST-HTTP-Header += "Authorization: Bearer token123" } rest } I tried testing it using the radtest command. I see that there are no headers being set. I'm using FreeRADIUS version 3.0.15 on Fedora (Redhat). Can you please help me out with this? On Tue, Jul 10, 2018 at 5:12 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On Jul 10, 2018, at 6:37 AM, Zenon Mousmoulas <zmousm@noc.grnet.gr> wrote:
July 10, 2018 1:18 PM, "Rohith Asrk" <rohith.asrk@gmail.com> wrote:
I actually think I got my basics wrong here. Sorry for all the confusion. Please ignore the previous mail.
What I actually need is configuring the FreeRADIUS daemon to send requests to the API. And the API here needs token in the form of a authorization header or a querystring.
Can I configure FreeRADIUS to send HTTP requests to the API with bearer authorization in the headers? As of now, the rest module configuration looks like this <http://django-freeradius.readthedocs.io/en/latest/ general/freeradius.html> [1].
The API is going to check for tokens in the headers or in the query strings and we want the FreeRADIUS instance to be an authorized user.
No mention of HTTP auth in the linked doc.
So rlm_rest supports a number of options for that, but not bearer. Just adding that as a header might work though:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/ raddb/mods-available/rest#L84
It does, i've done it.
map json "%{rest_subsc:POST https://${modules.rest[rest_ subsc].username}:${modules.rest[rest_subsc].password}@${ modules.rest[rest_subsc].server}:${modules.rest[rest_subsc].port}/oauthv2/token grant_type=client_credentialst}" { &control:Cache-TTL := '$.expires_in' &control:Tmp-String-0 := '$.access_token' &control:Tmp-String-1 := '$.token_type' }
timer_record_rest_subsc
if (&reply:REST-HTTP-Status-Code && (&reply:REST-HTTP-Status-Code != 200)) { fail }
# Access token should be pre-base64 encoded by the server update control { &REST-HTTP-Header += "Authorization: Bearer %{control:Tmp-String-0}" }
# Issue request with new token rest
The map/json/rest xlat are all specific to v4 for, so you'd need to figure out how to do it on your own in v3. I'd recommend caching the token using the cache module once you have it.
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html