Design question - proxying RADIUS auth request to a backend webservice
Alan DeKok
aland at deployingradius.com
Sun Feb 17 23:23:03 CET 2013
Walter Goulet wrote:
> I'm looking for some input from the experts to help validate a solution
> approach that I've come up with. The problem I'm trying to solve is that
> allow NAS equipment and other RADIUS clients to authenticate users
> against a proprietary authentication service that uses REST APIs over HTTP.
That works... provided that the backend is fast.
> The solution that I've put together is to use rlm_perl which allows me
> to use standard Perl modules to interact with the authentication
> service. I'm pretty happy with the results so far in that I am able to
> build exactly what I need and authentication against the webservice
> works just fine.
That's the real test: it works.
> The question to the list, are there other solution approaches that might
> be better? Any significant disadvantages to using rlm_perl as I've
> described? Would it be better to write a custom module instead, hoping
> that by doing so there may be some performance improvements?
In git "master" there's an rlm_rest module. That *might* be higher
performance.
But if it works, don't touch it until there are issues.
Alan DeKok.
More information about the Freeradius-Users
mailing list