freeradius 3.0.17 rlm_rest解析json响应
[英]freeradius 3.0.17 rlm_rest parsing json response
问题描述
I'm trying to authenticate RADIUS Requests against a RESTful API (provided by Customer) using rlm_rest. 
我正在尝试使用rlm_rest针对RESTful API(由客户提供)对RADIUS请求进行身份验证。
The problem I am facing is that response JSON format (of REST API provided by Customer), is different from rlm_rest default format (indicated in etc/raddb/mods-enabled/rest ). 我面临的问题是(客户提供的REST API的)响应JSON格式与rlm_rest默认格式(在etc / raddb / mods-enabled / rest中指示)不同。
My Virtual Server configuration as below: 我的虚拟服务器配置如下:
Default 默认
authorize {
...
...
rest
if (ok) {
update control {
Auth-Type := rest
}
}
}
mods-enabled/rest 启用MODS-/休息
authorize {
uri = "https://3rd-party-API/auth"
method = 'post'
body = 'json'
chunk = 0
tls = ${..tls}
data = '{
"code": 1,
"identifier": %I,
"avps": {
"User-Name": ["%{User-Name}"],
"NAS-IP-Address": ["%{NAS-IP-Address}"],
"Called-Station-Id": ["%{Called-Station-Id}"],
"Calling-Station-Id": ["%{Calling-Station-Id}"],
"NAS-Identifier": ["%{NAS-Identifier}"]
}
}'
}
Result 结果
/sbin/radiusd -Xxx / sbin / radiusd -Xxx
HTTP response code HTTP响应码
200
JSON Body JSON正文
{
"code": "2",
"identifier": "91",
"avps": {
"Customer-Attributes": "Hello"
...
...
"Acct-Interim-Interval": "300"
}
}
The JSON structure is different from the example, and xlat parse "code" "identifier" "avps" JSON结构与示例不同,并且xlat解析“代码”“标识符”“ avps”
And, of course, xlat finds no attributes match with the dictionary, while it cannot find "avps" and won't dig deeper. 而且,当然,xlat找不到与字典匹配的属性,而找不到“ avps”并且不会更深入地研究。
So I was wondering is there anyway to either 所以我想知道无论如何
- Define the response JSON structure for xlat to parsing 定义用于xlat解析的响应JSON结构
- Insert a "is_json" or "do_xlat" flag into the JSON ("avps"), and hope xlat will then dig deeper 在JSON(“ avps”)中插入“ is_json”或“ do_xlat”标志,希望xlat会更深入
- Save the JSON and parse with exec/rlm_exec (using JQ or any other bash/JSON tools) 保存JSON并使用exec / rlm_exec解析(使用JQ或任何其他bash / JSON工具)
Please advise if there is any workaround. 请告知是否有任何解决方法。 Thanks! 谢谢!
1 个解决方案
解决方案1
0 已采纳 2018-11-21 16:33:27
In FreeRADIUS version 4, there's a rlm_json module, which implements a custom node query language based on xpath (jpath), it is extremely limited and only supports some very basic queries (feel free to enhance it via PR :) ). 在FreeRADIUS版本4中,有一个rlm_json模块,该模块实现基于xpath(jpath)的自定义节点查询语言,它非常有限,并且仅支持一些非常基本的查询(可以通过PR来增强它)。
Below is an example I pulled out of my library of customer configurations. 以下是我从客户配置库中提取的示例。 You can see here it's pulling out two keys (externalID and macAddress) from the root level of the JSON doc and assigning them to a couple of custom attributes (Subscriber-ID and Provisioned-MAC). 您可以在此处看到它正在从JSON文档的根级别提取两个密钥(externalID和macAddress),并将它们分配给几个自定义属性(Subscriber-ID和Provisioned-MAC)。
map json "%{rest_api:https://${modules.rest[rest_api].server}/admin/api/${modules.rest[rest_api].api_key}/external/getDeviceBySerialNumber?certificateSerialNumber=%{lpad:&TLS-Client-Cert-Serial 40 0}}" {
&Subscriber-ID := '$.externalId'
&Provisioned-MAC := '$.macAddress'
}
The xlat expansion can also be modified to send HTTP body data. 还可以修改xlat扩展以发送HTTP正文数据。 Just put a space after the URL and pass your custom JSON blob. 只需在URL后面放置一个空格并传递您的自定义JSON Blob。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.