ACCESS::ephemeral-auth¶
Description¶
This command can be used either to create or verify a temporary password for ephemeral authentication.
Syntax¶
ACCESS::ephemeral-auth create <-user USER> [-auth_cfg AUTH_CONFIG] [-sid SESSION_ID]
ACCESS::ephemeral-auth verify <-user USER> <-password PASSWORD> <-protocol EPHEMERAL_AUTH_PROTOCOL>
ACCESS::ephemeral-auth create <-user USER> [-auth_cfg AUTH_CONFIG] [-sid SESSION_ID]¶
- This command will create a temporary password and return its value. When auth_cfg is not given, it will use the one deduced from access-config that is associated with the virtual server. When sid is not given, it will use the one retrieved from the current access environment.
ACCESS::ephemeral-auth verify <-user USER> <-password PASSWORD> <-protocol EPHEMERAL_AUTH_PROTOCOL>¶
- This command will verify the user credentials and return the session id that was used to generate temporary password.
Examples¶
proc ephemeral_auth_test1 {} {
set user "jdoe"
set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" -sid "123456789" ]
log local0. "passwd created $user $passwd"
set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
log local0. "verify $user $passwd $sid"
}
when HTTP_REQUEST {
if { [ HTTP::path ] starts_with "/test1" } {
call ephemeral_auth_test1
HTTP::respond 200 -content "<html>test1</html>\n"
}
}
proc ephemeral_auth_test2 {} {
set user "jsmith"
set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" ]
log local0. "passwd created $user $passwd"
set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
log local0. "verify $user $passwd $sid"
}
when ACCESS_SESSION_STARTED {
if { [ HTTP::path ] starts_with "/test2" } {
log local0. "session id: [ ACCESS::session sid ]"
call ephemeral_auth_test2
ACCESS::respond 200 -content "<html>test2</html>\n"
}
}