How to set values of authentication quintuplets received in a REST response from the AuC

amine mustapha smaali amine_mustapha at hotmail.com
Thu Feb 10 16:06:28 UTC 2022


Hi all,

I'm trying to configure the FreeRADIUS server to use REST to get the EAP-AKA authentication vector. In fact, I'm sending a REST message to an HSS server, which generates the authentication vector and sends it back in JSON format to the FreeRADIUS server in a 200 OK message. Here is an example of a 200 OK message with JSON content:
{
 "_AUTN": "c602e56f0c169001dc3ba3e2614ff0af",
 "_XRES":"90e7ae114d3a8578",
 "_RAND":"5090a3ea24f861004111fb71bb0bc05c",
 "_CK":"cc03c7d1cadd5a28a6717d67a2eb9cfb",
 "_IK":"2a6e7e1fa6716eba7d976204634c9992"
}

This is what I can see in the log file when the 200 OK is parsed:
Processing response header
(4,3)        Status : 200 (OK)
(4,3)        Type   : json (application/json)
(4,3)      rest - Resuming execution
(4,3)      rest - Updating result attribute(s)
(4,3)      rest -   &request.REST-HTTP-Status-Code := 200
(4,3)      rest - Parsing attribute "_AUTN"
(4,3)      rest -   &reply:_AUTN := "c602e56f0c169001dc3ba3e2614ff0af"
(4,3)      rest - Parsing attribute "_XRES"
(4,3)      rest -   &reply:_XRES := "90e7ae114d3a8578"
(4,3)      rest - Parsing attribute "_RAND"
(4,3)      rest -   &reply:_RAND := "5090a3ea24f861004111fb71bb0bc05c"
(4,3)      rest - Parsing attribute "_CK"
(4,3)      rest -   &reply:_CK := "cc03c7d1cadd5a28a6717d67a2eb9cfb"
(4,3)      rest - Parsing attribute "_IK"
(4,3)      rest -   &reply:_IK := "2a6e7e1fa6716eba7d976204634c9992"
(4,3)      rest - Released connection (2)
(4,3)      rest (updated)

In the eap-aka-sim module, I need to set the quintuplets (RAND, AUTN, CK, IK, XRES) received from the HSS, but I don't know how I can use the values received for each parameter.

FYI, I used the map function given in the json module, but I'm getting the following error when I start my FreeRADIUS server. Here is what I tried in my json module:

map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {
    &AUTN := '$._AUTN'
    &CK := '$._CK'
    &IK := '$._IK'
    &RAND := '$._RAND'
    &XRES := '$._XRES'
}

In the rest module, I have this configuration:

connect_uri = "http://172.26.111.160:80"

authorize {
    uri = "${..connect_uri}/rest/hss/wlan/getAuthenticationVector/%{User-Name}"
    method = 'POST'
    body = 'json'
    force_to = 'json'
    data = '{"username":"admin","password":"password","ratType":"WLAN","calledId":"%{Called-Station-ID}","callingId":"%{Calling-Station-ID}","nbOfVectors":1}'
    tls = ${..tls}
}

And this is the error I'm getting:

Info  : FreeRADIUS Version 4.0.0
Info  : Copyright 1999-2022 The FreeRADIUS server project and contributors
Info  : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info  : PARTICULAR PURPOSE
Info  : You may redistribute copies of FreeRADIUS under the terms of the
Info  : GNU General Public License
Info  : For more information about these matters, see the file named COPYRIGHT
Info  : Starting - reading configuration files ...
Debug : Including dictionary file "/usr/local/etc/raddb/dictionary"
including configuration file /usr/local/etc/raddb/radiusd.conf
Including files in directory "/usr/local/etc/raddb/template.d/"
including configuration file /usr/local/etc/raddb/template.d/default
including configuration file /usr/local/etc/raddb/clients.conf
Including files in directory "/usr/local/etc/raddb/mods-enabled/"
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/client
including configuration file /usr/local/etc/raddb/mods-enabled/delay
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/eap
including configuration file /usr/local/etc/raddb/mods-enabled/eap_inner
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/escape
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/expr
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/json
/usr/local/etc/raddb/mods-enabled/json[75]: Parse error: expected '{', got text ""%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {"
Error reading or parsing /usr/local/etc/raddb/radiusd.conf

Thanks in advance for your help,

BRs,
Amine
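
An added example, not part of the original post and not FreeRADIUS code: a Python check that turns the hex strings of the JSON body shown above into octets and rejects a malformed vector before it is used for EAP-AKA. The function names are hypothetical; the field lengths and the AUTN layout are those of 3GPP TS 33.102.

```python
import json
import string

# Octet lengths of the AKA vector fields per 3GPP TS 33.102 (min, max).
# XRES is the only variable-length field.
FIELD_LEN = {"_RAND": (16, 16), "_AUTN": (16, 16), "_CK": (16, 16),
             "_IK": (16, 16), "_XRES": (4, 16)}

# Response body taken from the post above.
SAMPLE = """{
 "_AUTN": "c602e56f0c169001dc3ba3e2614ff0af",
 "_XRES": "90e7ae114d3a8578",
 "_RAND": "5090a3ea24f861004111fb71bb0bc05c",
 "_CK": "cc03c7d1cadd5a28a6717d67a2eb9cfb",
 "_IK": "2a6e7e1fa6716eba7d976204634c9992"
}"""


class VectorError(ValueError):
    """The response body is not a usable AKA quintuplet."""


def parse_quintuplet(body):
    """Return {field: bytes}; raise VectorError on any malformed field."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise VectorError("body is not JSON") from exc
    if not isinstance(doc, dict):
        raise VectorError("body is not a JSON object")
    vector = {}
    for key, (lo, hi) in FIELD_LEN.items():
        value = doc.get(key)
        # bytes.fromhex() tolerates whitespace, so check the characters first.
        if (not isinstance(value, str) or len(value) % 2
                or any(c not in string.hexdigits for c in value)):
            raise VectorError(f"{key}: missing or not an even-length hex string")
        raw = bytes.fromhex(value)
        if not lo <= len(raw) <= hi:
            raise VectorError(f"{key}: {len(raw)} octets, expected {lo}..{hi}")
        vector[key.lstrip("_")] = raw
    return vector


def split_autn(autn):
    """AUTN = (SQN xor AK) || AMF || MAC, 6 + 2 + 8 octets."""
    return {"sqn_xor_ak": autn[:6], "amf": autn[6:8], "mac": autn[8:]}
```
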

