ACCESS::ephemeral-auth

Description

This command can be used either to create or verify a temporary password for ephemeral authentication.

Syntax

ACCESS::ephemeral-auth create <-user USER> [-auth_cfg AUTH_CONFIG] [-sid SESSION_ID]
ACCESS::ephemeral-auth verify <-user USER> <-password PASSWORD> <-protocol EPHEMERAL_AUTH_PROTOCOL>

ACCESS::ephemeral-auth create <-user USER> [-auth_cfg AUTH_CONFIG] [-sid SESSION_ID]

  • This command creates a temporary password and returns its value. When auth_cfg is not given, the command uses the one deduced from the access-config associated with the virtual server. When sid is not given, it uses the session id retrieved from the current access environment. Treat the returned value as a secret for as long as it remains valid.

ACCESS::ephemeral-auth verify <-user USER> <-password PASSWORD> <-protocol EPHEMERAL_AUTH_PROTOCOL>

  • This command verifies the user credentials and returns the session id that was used to generate the temporary password.

Examples

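# Round-trip test with an explicit session id: create a temporary password
# for a fixed user, then verify it over the radius protocol and check that
# verify hands back the same session id that was passed to create.
# Takes no arguments; results are written to the local0 log only.
proc ephemeral_auth_test1 {} {
    set user "jdoe"
    set expected_sid "123456789"
    set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" -sid $expected_sid ]
    # The value in passwd is a working credential, so the log records only
    # that one was issued, never the value itself.
    log local0. "passwd created for $user"
    set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
    # Log the comparison result (1 or 0) rather than the session id.
    log local0. "verify $user sid_match=[ string equal $sid $expected_sid ]"
}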

# Test hook: a request whose path begins with /test1 runs the explicit-sid
# round trip and is answered with a fixed 200 page. Other paths are left
# untouched by this handler.
# NOTE(review): the only gate is the request path, so any client that can
# reach the virtual server can trigger the test; keep it on a lab listener.
when HTTP_REQUEST {
    if { !([ HTTP::path ] starts_with "/test1") } {
        return
    }
    call ephemeral_auth_test1
    HTTP::respond 200 -content "<html>test1</html>\n"
}

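# Round-trip test without -sid: create relies on the session id of the
# current access environment, then verify is run over the radius protocol.
# Takes no arguments; results are written to the local0 log only.
proc ephemeral_auth_test2 {} {
    set user "jsmith"
    set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" ]
    # The value in passwd is a working credential, so the log records only
    # that one was issued, never the value itself.
    log local0. "passwd created for $user"
    set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
    # Report only whether a session id came back, not the id.
    # NOTE(review): what verify returns on a failed check is not stated on
    # this page; confirm before treating a non-empty value as success.
    log local0. "verify $user sid_returned=[ expr { $sid ne "" } ]"
}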

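# Test hook for the implicit-session form: when an access session starts on
# a request whose path begins with /test2, run the round trip that omits
# -sid and answer with a fixed 200 page.
when ACCESS_SESSION_STARTED {
    if { [ HTTP::path ] starts_with "/test2" } {
        # The session id is deliberately kept out of the log: it names a
        # live access session, and log readers should not be able to learn it.
        log local0. "access session started for /test2"
        call ephemeral_auth_test2
        ACCESS::respond 200 -content "<html>test2</html>\n"
    }
}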