How to set values of authentication quintuplets received in a REST response from the AuC
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Feb 11 17:59:57 UTC 2022
> On Feb 11, 2022, at 9:41 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Feb 10, 2022, at 11:06 AM, amine mustapha smaali <amine_mustapha at hotmail.com> wrote:
>> FYI, I used map function given in json module but I'm getting the following error when I start my freeradius server. here is what I tried in my json module:
>>
>> map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {
>
> You don't put that into the json module. You put it into a processing section. i.e. something in sites-enabled/
i.e.
send Challenge-Request {
map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{session-state.Permanent-Identity)" {
&AUTN := '$._AUTN'
&CK := '$._CK'
&IK := '$._IK'
&RAND := '$._RAND'
&XRES := '$._XRES'
}
}
Note User-Name is the wrong attribute to use here, it's only the RADIUS User-Name and not available inside the
eap-aka-sim virtual server. You want session-state.Permanent-Identity which id derived from the EAP Identity Response,
or as the result of looking up/decoding/decrypting a pseudonym or fast reauth ID.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220211/012918c7/attachment.sig>
More information about the Freeradius-Users
mailing list