crating a new inst in enterprise-wifi.net with API

Jorge Pereira jpereira at freeradius.org
Thu Apr 4 18:32:02 CEST 2019


Please, use the freeradius-users@ mailining list for that.

On Thu, Apr 4, 2019 at 10:44 AM 1x-config Information <info at 1x-config.org>
wrote:

> Hi,
>
> this works by sending this JSON construct to
> https://enterprise-wifi.net/admin/API.php:
>
> {
>     "ACTION": "NEWINST",
>     "APIKEY": "foobar123",
>     "PARAMETERS": [
>         {
>             "NAME": "general:instname",
>             "LANG": "en",
>             "VALUE": "Sample Identity Provider"
>         },
>         {
>             "NAME": "media:SSID",
>             "VALUE": "testSSID123"
>         }
>     ]
> }
>
>
> This returns an identifier for the institution. Save that for later and
> then create a new /profile/ with the actual EAP details:
>
> {
>     "ACTION": "NEWPROF-RADIUS",
>     "APIKEY": "foobar123",
>     "PARAMETERS": [
>         {
>             "NAME": "ATTRIB-CAT-INSTID",
>             "VALUE": the identifier you got earlier
>         },
>         {
>             "NAME": "eap:ca_file",
>             "VALUE": "-----BEGIN CERTIFICATE-----youknowthedrill-----END
> CERTIFICATE-----"
>         },
>         {
>             "NAME": "eap:server_name",
>             "VALUE": "radius.example.com"
>
>         },
>         {
>             "NAME": "ATTRIB-PROFILE-EAPTYPE",
>             "VALUE": 2 // this is PEAP; integer defined at
> https://github.com/GEANT/CAT/blob/release_2_0/core/common/EAP.php
>         },
>         {
>             "NAME": "profile:production",
>             "VALUE": "on" // publishes new entity immediately
>     ]
> }
>
> This returns an identifier for the new profile.
>
> With that all done, you'll find the new institution immediately on the
> download page.
>
> You can display the URL to the installers which is
>
> https://enterprise-wifi.net/?idp=<instid>&profile=<profileId> with the
> values from the return values above.
>
> The user still doesn't have a possibility to edit his settings on the
> website yet, so send him an authorisation token that binds his (Google)
> account to that new institution:
>
> {
>     "ACTION": "ADMIN-ADD",
>     "APIKEY": "foobar123",
>     "PARAMETERS": [
>         {
>             "NAME": "ATTRIB-ADMINID",
>             "VALUE": "an arbitrary identifier, such as root at hostname"
>         },
>         {
>             "NAME": "ATTRIB-CAT-INSTID",
>             "VALUE": identifier from the first API call again
>         },
>             "NAME": "ATTRIB-TARGETMAIL",
>             "VALUE": "firstname.lastname at foobar.com"
>         },
>
> }
>
> Which makes our system send out an invitation mail with a one-time
> sign-up token straight to the mail address. The API call will also
> return that same token, so you can display it in the command-line as
> well if you wish.
>
> And that's it.
>
> Greetings,
>
> enterprise-wifi.net
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html


More information about the Freeradius-Devel mailing list