$ cat radius.properties
secret=MY-SECRET
host=127.0.0.1
port=1812
show-traffic=true
Upon startup it prompts for username and password (please don't tell anyone my demo user's password ;-) and then sends a RADIUS AccessRequest to the targeted server. Upon receiving an AccessAccept response it dumped that response to the console as shown below and then exited. Those NAS fields are hard coded and have no meaning in this test but are required by the RFC to make the incoming request be valid on the server side.
$ java -cp openam-auth-radius-11.0.2-2014.12.09_04.15.jar com.sun.identity.authentication.modules.radius.ConsoleClient
? Username: demo
? Password: password
Packet To 127.0.0.1:1812
ACCESS_REQUEST [1]
- USER_NAME : demo
- USER_PASSWORD : *******
- NAS_IP_ADDRESS : localhost/127.0.0.1
- NAS_PORT : 1200
Packet From 127.0.0.1:1812
ACCESS_ACCEPT [1]
---> SUCCESS! You've Authenticated!
How about entering the wrong password? We are denied access as expected.
$ java -cp target/openam-auth-radius-11.0.2-2014.12.09_04.15.jar com.sun.identity.authentication.modules.radius.ConsoleClient
? Username: demo
? Password: bad-password
Packet To 127.0.0.1:1812
ACCESS_REQUEST [1]
- USER_NAME : demo
- USER_PASSWORD : *******
- NAS_IP_ADDRESS : localhost/127.0.0.1
- NAS_PORT : 1200
Packet From 127.0.0.1:1812
ACCESS_REJECT [1]
---> Sorry. Not Authenticated.
I'll be posting more entries on the RADIUS solution and how it is configured and hopefully some of what I've learned about OpenAM's internal workings. But for now, to be clear, I've only defined this one client in the OpenAM console instructing OpenAM to authenticate requests for that particular client against the root realm, "/", and authentication chain, "ldapService", which only contains the DataStore authentication module within it. So what happens when there are more modules in the chain?
Stay tuned.
No comments:
Post a Comment