crating a new inst in enterprise-wifi.net with API

1x-config Information info at 1x-config.org
Thu Apr 4 15:44:02 CEST 2019 

Hi,

this works by sending this JSON construct to
https://enterprise-wifi.net/admin/API.php:

{
    "ACTION": "NEWINST",
    "APIKEY": "foobar123",
    "PARAMETERS": [
        {
            "NAME": "general:instname",
            "LANG": "en",
            "VALUE": "Sample Identity Provider"
        },
        {
            "NAME": "media:SSID",
            "VALUE": "testSSID123"
        }
    ]
}


This returns an identifier for the institution. Save that for later and
then create a new /profile/ with the actual EAP details:

{
    "ACTION": "NEWPROF-RADIUS",
    "APIKEY": "foobar123",
    "PARAMETERS": [
        {
            "NAME": "ATTRIB-CAT-INSTID",
            "VALUE": the identifier you got earlier
        },
        {
            "NAME": "eap:ca_file",
            "VALUE": "-----BEGIN CERTIFICATE-----youknowthedrill-----END
CERTIFICATE-----"
        },
        {
            "NAME": "eap:server_name",
            "VALUE": "radius.example.com"

        },
        {
            "NAME": "ATTRIB-PROFILE-EAPTYPE",
            "VALUE": 2 // this is PEAP; integer defined at
https://github.com/GEANT/CAT/blob/release_2_0/core/common/EAP.php
        },
        {
            "NAME": "profile:production",
            "VALUE": "on" // publishes new entity immediately
    ]
}

This returns an identifier for the new profile.

With that all done, you'll find the new institution immediately on the
download page.

You can display the URL to the installers which is

https://enterprise-wifi.net/?idp=<instid>&profile=<profileId> with the
values from the return values above.

The user still doesn't have a possibility to edit his settings on the
website yet, so send him an authorisation token that binds his (Google)
account to that new institution:

{
    "ACTION": "ADMIN-ADD",
    "APIKEY": "foobar123",
    "PARAMETERS": [
        {
            "NAME": "ATTRIB-ADMINID",
            "VALUE": "an arbitrary identifier, such as root at hostname"
        },
        {
            "NAME": "ATTRIB-CAT-INSTID",
            "VALUE": identifier from the first API call again
        },
            "NAME": "ATTRIB-TARGETMAIL",
            "VALUE": "firstname.lastname at foobar.com"
        },

}

Which makes our system send out an invitation mail with a one-time
sign-up token straight to the mail address. The API call will also
return that same token, so you can display it in the command-line as
well if you wish.

And that's it.

Greetings,

enterprise-wifi.net

More information about the Freeradius-Devel mailing list