On Jan 2, 2019, at 4:39 AM, Daniel Kong <daniel.kongyh@gmail.com> wrote: ... Please edit your replies. There's no need to include 100's of lines of the previous message at the bottom of your post. We've seen it already, and we don't need to see it again.
I get status 401 (unauthorized) is because the site is protected. By disabling the rest security on the 3rd party application, it can successfully send the request and get the response, which I have posted previously by including the username and password for http basic authentication.
OK... I'm not sure why you're "protecting" a REST API from FreeRADIUS. But whatever...
connect_uri = "http://10.18.6.22:8081/apps" authenticate { uri = "${..connect_uri}/user/%{User-Name}/%{User-Password}" method = "get" force_to = "json" * require_auth = yes* * auth = "basic"* * username = "test"* * password = "password123"* tls = ${..tls} }
Since by specifying those required attributes is not working,
What does that mean? You should be able to look at either the FreeRADIUS logs, or the REST server logs to see what's going on.
so I have tried to include REST-HTTP-Header, but it doesn't work as well.
connect_uri = "http://10.18.6.22:8081/apps" authenticate { uri = "${..connect_uri}/user/%{User-Name}/%{User-Password}" method = "get" force_to = "json" * REST-HTTP-Header = "Authorization: Basic aW5ldHVzZXI6cGFzc3dvcmQxYXBw"* tls = ${..tls} }
I am also getting a 401 while trying to send the request. Where is the problem?
Without detailed information (i.e. logs), there's no way to tell. You have to figure out what's going on. You can't just change the configuration and hope it will now magically work.
I have tried very hard to understand the return json format from the API itself, but the information provided is insufficient. I understand it has a pair of value which consist of attribute and value. That's why in my above tryout which I tried to put a "result" and "message" attribute. But radius doesn't recognize this two vendor attribute.
You need to have the API return json, in the format described in mods-available/rest. Something like this should work: "User-Name": { "op":"=", "value":"bob" }
So my question is what is actually needed to pass back to radius? Is it by specifying 200 (OK) and 401 (Unauthorized) is sufficient for radius to process?
The REST module documentation describes what HTTP codes the REST server should return. I've already said this. Please read the documentation. Alan DeKok.