Adding Cleartext-Password for EAP requests (new module development)

Suneth Kariyawasam sunethnk at gmail.com
Wed Aug 11 16:12:44 CEST 2021


REST module works based on the HTTP response code and the response body
needs to be in a specific format if I am not mistaken (Please correct me if
I am wrong). This module will use a config similar to below where regex and
json-c pointer support is added to evaluate the response body.

openiam {
    connect_uri = "
http://officedepotpoc.openiam.com/idp/rest/api/auth/public/login"
    http_method = "POST"
    connect_timeout = 5000
    http_headers = '{"Host" : "freeradius.local", "Accept":
"application/json", "Content-Type" : "application/json" }'
    payload = '{ "login" : "%{User-Name}" , "password" : "%{User-Password}"
}'
    verify_status = '{"/status" : 200, "/error" : false, "/errorList" :
"^null$" ,"/tokenInfo/authToken" : ".*", "/passwordExpired" : false,
"/possibleErrors" : "^null$" }'
    reply_avp_map = '{ "Cisco-AVPair" : "/tokenInfo/authToken" }'
}


On Wed, Aug 11, 2021 at 7:38 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Aug 11, 2021, at 10:06 AM, Suneth Kariyawasam <sunethnk at gmail.com>
> wrote:
> >
> > I have gone through the code and the documentation but no luck.
>
>   There are literally hundreds of examples of adding attributes to a
> request.  Just pick a module and read it.
>
> > The module can be open sourced because it adds the support for
> > authorization from a RESTful API and parses the response based on the
> > JSON/XML fields, finally authorizes the request.
>
>   There's already a REST module which does that.  Why is there a need for
> a new module?
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html


More information about the Freeradius-Devel mailing list