freeradius + jradius
Jim Shi
hanmao_shi at apple.com
Wed Sep 30 18:21:07 CEST 2015
Hi, Alan,
Thanks for the reply.
I assume you mean to add this sites-available/default:
update reply {
Reply-Message += "%{TLS-Client-Cert-Common-Name}"
}
In the jradius, which radius packet attribute will contain the CN value?
Thanks
Jim
> On Sep 30, 2015, at 6:17 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Sep 29, 2015, at 7:50 PM, Jim Shi <hanmao_shi at apple.com> wrote:
>> Hi, I would like to use freeradius radius for verify client certificate (EAP - TLS) (authentication), and use jradius (which is java code) for authorization.
>>
>> In jradius, I need access the CN of client certificate for authorization. Is that possible?
>
> In v2, yes. See raddb/sites-available/default. Look for TLS-Client-Cert...
>
>> That is, I would like freeradius to put client certificate’s CN in the radius packet before sending to jradius for authorization.
>
> Just follow the example above and it will work.
>
> Note that in v3, there is no jradius module. It was unmaintained, and therefore removed. I'd recommend using a REST API in v3 instead.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list