External HTTPS authentication
Thiago A. V. Lima
tavl at gprt.ufpe.br
Wed Nov 28 22:00:15 CET 2012
Hello mailing list.
What I'm actually trying to accomplish is this:
I already have a modified version of an OpenID server, that doesn't require
any user/password. The whole authentication is based on EAP-TLS between the
browser and the Apache server, using the certificate email to identify the
current user. (I control the whole CA chain, so I can trust the
certificate embedded emails).
I'd like to make FreeRADIUS "forward" the user certificate (client side,
WPA2-Enterprise scheme certificate, I mean) to my OpenID (Apache server
with EAP-TLS) and, if the connection is correctly established, authenticate
the user and move him to the correct VLAN. This way, I could have an
integrated network and services (single sign-on) authentication process,
"completely" transparent to the end-user (except for the network
So, if there was any already available module that could, for example,
authenticate the RADIUS user using a "foreign" webservice or something like
that, I think I could modify/adapt it to my EAP-TLS scenario.
Any suggestions?
Thanks in advance and congratulations for the nice community,
--
Thiago Lima
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121128/e1616e15/attachment.html>
More information about the Freeradius-Users
mailing list