enterprise-wifi.net: API to create installers from FR config?

Alan DeKok aland at deployingradius.com
Fri Apr 5 15:55:31 CEST 2019


On Apr 4, 2019, at 9:43 AM, 1x-config Information <info at 1x-config.org> wrote:
> so I have this wild idea. To generate secure enterprise Wi-Fi
> installers, the system needs to know some deployment details from the
> RADIUS configuration.
> 
> These are typically entered by the admin-to-be interactively via the
> service's web interface.
> 
> But the thing also has an API. And FreeRADIUS config contains many of
> the configuration details itself.

  Very true.

> So: what if there were a script in FR sources which could extract
> 
> - EAP types that are configured
> - CAs for server identification
> - server name (CN, sAN:DNS in the server certificate)
> 
> and ask a few tiny details from the admin which are not directly in the
> config:
> 
> - SSID that is to be configured
> - an email address of the admin-to-be so can administer his settings later
> - optionally a pretty-print name for the server ("My great Home Wi-Fi")
> - more optional things, none of which are essential; I can send a
> detailed list

  Sure.

> (this would either be asked interactively or be placed in a dedicated
> config file)
> 
> Then, use the enterprise-wifi.net API to generate a ready-to-use
> deployment, making installers for that specific RADIUS server directly
> available!
> 
> I am not a pro in parsing the FR configs, but I can give a hand in
> explaining API access to get that done.

  The configs aren't too hard to parse. :)

> I could even imagine that installers generated via the API from
> FreeRADIUS get their own dedicated branding (FreeRADIUS name and/or
> logo) so that there's some brand visibility in it for FreeRADIUS as well.

  I like that. :)

> API calls are all JSON; just POST them. I can create an API key which
> can then attribute those calls to a distinct "FreeRADIUS" installer group.
> 
> If that's something you feel like doing, get back to me. I'll provide a
> sample API call to create a new Identity Provider entity in the system
> as a follow-up.

  I think it's worth doing.  Ideally, we can have a tool supplied by FreeRADIUS which reads the config, pokes the API, and prints out a URL where the installers can be downloaded.

 That shouldn't be complex.  I'm not sure we can get it done before 3.0.19 rolls out, but definitely for the next release.

  Alan DeKok.




More information about the Freeradius-Devel mailing list