How to set values of authentication quintuplets received in a REST response from the AuC

amine mustapha smaali amine_mustapha at hotmail.com
Mon Feb 14 17:01:27 UTC 2022 

Hi All,

Just to update you with some solutions related to my topic. I was able to set the content-type to application/json and also was able to send json data, this the settings I did in eap-aka-sim site:

send Challenge-Request {
    update control {
    &REST-HTTP-Header='Content-Type: application/json'
    }
    update request {
        &REST-HTTP-Body='{"username":"admin","password":"password","ratType":"WLAN","calledId":"%{Called-Station-ID}","callingId":"%{Calling-Station-ID}","nbOfVectors":1}'
    }
    map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{session-state.Permanent-Identity} %{request.REST-HTTP-Body})" {
        &SIM-AUTN := '$._AUTN'
        &SIM-CK := '$._CK'
        &SIM-IK := '$._IK'
        &SIM-RAND := '$._RAND'
        &SIM-XRES := '$._XRES'
    }
    update control {
        &RAND = &SIM-RAND
        &AUTN = &SIM-AUTN
        &CK = &SIM-CK
        &IK = &SIM-IK
       &XRES = &SIM-XRES
    }
    ok
}

Now I'm struggling to find a solution for the following issues:

  *   How can I send the %{Calling-Station-ID} parameter in json data from eap-aka-sim site
  *   How can I convert the string data I received in 200 OK to hex value (e.g _RAND=​"11111111111111111111111111111111" to RAND=0x11111111111111111111111111111111)

Regards,
Amine


Regards,
Amine

________________________________
From: amine mustapha smaali <amine_mustapha at hotmail.com>
Sent: Monday, February 14, 2022 11:38
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to set values of authentication quintuplets received in a REST response from the AuC

Dear Arran,

Thanks a lot for your help.

I've tried your suggestion and now my freeradius server is starting without any problem.

However, the server is sending a rest message with Content-Type=application/x-www-form-urlencoded, I was expecting that the map function will only define the json parameters that will be parsed from the response message. In this case, I need a way to force the server to send a REST message with Content-Type=application/json and some json data {"key1":"value1","key2":"value2"}. Here is some output for your reference:

Mon Feb 14 11:28:32 2022: (1.0)        Sending HTTP POST to "http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/604020147863491\%40wlan.mnc002.mcc604.3gppnetwork.org"
Mon Feb 14 11:28:32 2022: (1.0)        Connect timeout is 3s, request timeout is 4s
Mon Feb 14 11:28:32 2022: (1.0)        Adding custom headers:
Mon Feb 14 11:28:32 2022: (1.0)          X-FreeRADIUS-Section: xlat
Mon Feb 14 11:28:32 2022: (1.0)          X-FreeRADIUS-Server: (null)
Mon Feb 14 11:28:32 2022: (1.0)        Request body content-type will be "application/x-www-form-urlencoded"
Mon Feb 14 11:28:32 2022: (1.0)        Encoding attribute "EAP-Identity"
Mon Feb 14 11:28:32 2022: (1.0)          Length : 51
Mon Feb 14 11:28:32 2022: (1.0)          Value  : 0604020147863491%40wlan.mnc002.mcc604.3gppnetwork.org
Mon Feb 14 11:28:32 2022: (1.0)        Encoding attribute "EAP-Type"
Mon Feb 14 11:28:32 2022: (1.0)          Length : 3
Mon Feb 14 11:28:32 2022: (1.0)          Value  : AKA
Mon Feb 14 11:28:32 2022: (1.0)        Encoding attribute "Identity"
Mon Feb 14 11:28:32 2022: (1.0)          Length : 51
Mon Feb 14 11:28:32 2022: (1.0)          Value  : 0604020147863491%40wlan.mnc002.mcc604.3gppnetwork.org
Mon Feb 14 11:28:32 2022: (1.0)        Encoding attribute "Identity-Type"
Mon Feb 14 11:28:32 2022: (1.0)          Length : 9
Mon Feb 14 11:28:32 2022: (1.0)          Value  : permanent
Mon Feb 14 11:28:32 2022: (1.0)        Encoding attribute "Method-Hint"
Mon Feb 14 11:28:32 2022: (1.0)          Length : 3
Mon Feb 14 11:28:32 2022: (1.0)          Value  : AKA
Mon Feb 14 11:28:32 2022: (1.0)        POST Data: EAP-Identity=0604020147863491%40wlan.mnc002.mcc604.3gppnetwork.org&EAP-Type=AKA&Identity=0604020147863491%40wlan.mnc002.mcc604.3gppnetwork.org&Identity-Type=permanent&Method-Hint=AKA

Regards,
Amine

________________________________
From: Freeradius-Users <freeradius-users-bounces+amine_mustapha=hotmail.com at lists.freeradius.org> on behalf of Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Sent: Friday, February 11, 2022 19:01
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: How to set values of authentication quintuplets received in a REST response from the AuC



> On Feb 11, 2022, at 12:59 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>
>> On Feb 11, 2022, at 9:41 AM, Alan DeKok <aland at deployingradius.com> wrote:
>>
>> On Feb 10, 2022, at 11:06 AM, amine mustapha smaali <amine_mustapha at hotmail.com> wrote:
>>> FYI, I used map function given in json module but I'm getting the following error when I start my freeradius server. here is what I tried in my json module:
>>>
>>> map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {
>>
>> You don't put that into the json module.  You put it into a processing section.  i.e. something in sites-enabled/

typo, should be

map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{session-state.Permanent-Identity})" {

Stupid fiddly brackets.

-Arran

More information about the Freeradius-Users mailing list