Configure rlm_rest module to allow token authentication
Rohith Asrk
rohith.asrk at gmail.com
Tue Jul 10 12:17:41 CEST 2018
I actually think I got my basics wrong here. Sorry for all the confusion.
Please ignore the previous mail.
What I actually need is configuring the FreeRADIUS daemon to send requests
to the API. And the API here needs token in the form of a authorization
header or a querystring.
Can I configure FreeRADIUS to send HTTP requests to the API with bearer
authorization in the headers? As of now, the rest module configuration
looks like this
<http://django-freeradius.readthedocs.io/en/latest/general/freeradius.html>
[1].
The API is going to check for tokens in the headers or in the query strings
and we want the FreeRADIUS instance to be an authorized user.
Links:
[1]:
http://django-freeradius.readthedocs.io/en/latest/general/freeradius.html
Thank you
Rohith ASRK
On Tue, Jul 10, 2018 at 12:15 PM, Rohith Asrk <rohith.asrk at gmail.com> wrote:
> Sorry Alan for not being specific in the previous mail.
>
> We want the RADIUS daemon to receive HTTP requests containing
> authorization headers like "Authorization: Bearer <token>" and authenticate
> users using this token. This is because we want only authorised users to
> use the APIs we've created in django-freeradius.
>
> This seems possible from django's end but not sure how it can be enabled
> in FreeRADIUS. If it is not possible, I just want to know if FreeRADIUS
> allows requests which contain authorization headers even if there is no
> support to authenticate against them. So that we'd put restrictions from
> the from our web interface and forward requests only if they contain the
> token in the header.
>
> Thank you.
> Rohith ASRK
>
> On Tue, Jul 10, 2018 at 2:45 AM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>>
>> > On Jul 9, 2018, at 5:07 PM, Rohith Asrk <rohith.asrk at gmail.com> wrote:
>> >
>> > I just want the FreeRADIUS daemon to receive such requests and probably
>> > extract the token from header and authenticate against it.
>>
>> "such requests"... again, what is in the requests? Which attribute in
>> the RADIUS packet are you using?
>>
>> You need to be specific here.
>>
>> And again, the rest module doesn't support custom authorization
>> headers. The module has documentation, and it works as documented.
>>
>> Figure out what RADIUS attribute has the information. Read the REST
>> documentation to see how to configure it. Then, configure the REST module
>> to use that RADIUS attribute.
>>
>> If you have specific questions, then ask *specific* questions. Right
>> now, all I know is you want something to do with RADIUS and HTTP. But you
>> haven't given any details which let me give you a specific answer.
>>
>> Q: Can I do stuff?
>> A: Yes, you can do stuff.
>>
>> Q: How?
>> A: I have no idea. It depends on what stuff you want to do
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>> /users.html
>>
>
>
More information about the Freeradius-Users
mailing list