UAM (wiligear.com)

Contents

1 Universal Access Method
  1.1 Universal Access Method Overview
    1.1.1 Login Page
    1.1.2 Status Page
    1.1.3 Customize UAM Pages
  1.2 Extended UAM
    1.2.1 Portal version 1
    1.2.2 Portal version 2
    1.2.3 UAM Login URLs
    1.2.4 Authentication Results
    1.2.5 External UAM portal sample source code

Universal Access Method

Universal Access Method (UAM) is a simple Web browser based user authentication method. On the initial HTTP request to any Web site (except for white list entries; refer to section White/Black List Configuration of the respective document, WILI-S Configuration Reference Manual, for details), the client's browser is redirected to the authentication page. After logging in, the user is provided with an additional set of pages with session statistics and a log-out function.

UAM pages are:

- Login Page: subscriber authentication page; allows the user to log in to the network.
- Status Page: user's session status page.

These pages can be served by the internal WILI Web server or by an external Web Application Server.

Universal Access Method Overview

Login Page

When using internal UAM, the Login page is the first page a Hotspot subscriber receives when he starts his Web browser and enters any URL. To get access to the network, the user should enter his authentication settings (login name and password) and click the login button.

The Access Controller can be shared by several Wireless Internet Service Providers (WISPs). They are uniquely identified by specifying the WISP domain name in addition to the subscriber user name when logging in. The Access Controller can be configured to send authentication and accounting information to different Authentication, Authorization and Accounting (AAA) servers associated with different WISP domains.

Subscriber login formats available on WILI-S:

- username
- usernameWISPdomain
- WISPdomainusername

Status Page

The status page contains detailed subscriber session information and provides a function for logging out of the network.

- Username: name of the authenticated user.
- MAC address: MAC address of the client station.
- IP address: IP address of the client station.
- Session time: session time the user has spent in the current session.
- Remaining session time: remaining current session time.
- Upload bytes: number of bytes transferred towards the client station.
- Remaining upload bytes: number of bytes that can be transferred towards the client station until the session is terminated (constant zero means no bound is currently active on the transferred data).
- Download bytes: number of bytes sent by the client station.
- Remaining download bytes: number of bytes that can be sent by the client station until the session is terminated (constant zero means no bound is currently active on the transferred data).
- Max upload bandwidth: maximum bandwidth throughput limit for packets sent by the client station.
- Max download bandwidth: maximum bandwidth throughput limit for packets sent towards the client station.
- Idle time: time since the last transmitted packet from the client station.
- Remaining idle time: remaining idle time until the session is terminated.
- Interface name: name of the interface the client is connected to.
- Remaining total bytes: total number of bytes that can be transferred until the session is terminated (constant zero means no bound is currently active on the transferred data).
- Refresh: click the button to refresh the subscriber session information.
- Logout: click the button to explicitly log out from the network.

Customize UAM Pages

UAM pages can be customized according to your needs. In WILI software versions starting 354, the web interface is implemented using skins. UAM pages are included in the skin archive and may be easily changed.

Customizing the UAM pages requires basic HTML and some PHP knowledge.

Follow these steps to change the look and functionality of UAM pages:

1. Download the current skin archive (on the device web management interface go to menu Skins, select the active skin and click Download).
2. Extract all files from the skin archive.
3. Go to the uam directory.
4. HTML pages are in the view subdirectory; stylesheets and images are in the images subdirectory.
5. Make your changes (HTML, images, stylesheet; the given directories are just a suggestion, other subdirectories may be used, but we recommend keeping everything in the parent directory uam).
6. Return one level up from the uam directory.

Do not forget to update version.txt, changing the version numbers and/or name. If you try to upload a skin with the same version name and numbers, it may fail to overwrite (built-in skins are not overwritable; at least the version numbers need to be updated).

1. Archive all skin files to a tar or tgz archive.
2. Upload the archive to the device (on the device web management interface go to menu Skins, choose the archive file using the Browse button and click the Upload button).
3. Activate the newly uploaded skin (on the device web management interface go to menu Skins, select the active skin and click Activate).

The cgi files can be modified only if PHP knowledge is available. Note that modification of cgi files can affect the web management functionality. The lib directory is designed to work with internal device functionality and should not be modified when changing UAM pages.

Extended UAM

The external UAM allows an external Web Application Server (WAS) to intercept and take part in the user authentication process by externally logging in and logging out the user as necessary. It also provides a means to query subscriber session information.

See the diagram and the description below for an explanation of how the extended UAM process works.

Portal version 1

Network topology: Access Controller (AC) and Portal (WAS) are in the same subnet. Client communication direct to the AC isn't allowed.

Any attempt to access the Internet using HTTP(S) (1) is intercepted by the device, and the client's Web browser is redirected to the defined Login URL on the WAS (2 & 3). After direct communication is established between the client and the WAS and the user has entered his/her credentials (4), the WAS instructs the device to authenticate the user (5). At this stage the shared secret is used to establish the secure connection between the WAS and the device. The device sends a RADIUS (Remote Authentication Dial In User Service) access request to the appropriate server (6), receives the response (7) and informs the WAS about the authentication status. The WAS then informs the client of the authentication result (8), and if authenticated, the client is granted access to the Internet.

Portal version 2

Network topology: Access Controller (AC) is located in a private network and Portal (WAS) is located on a remote server but doesn't have direct access or routes back to the AC. In that case the client is redirected back to the AC during authentication, and authentication is initiated there. The client must be granted HTTPS or HTTP access to the AC.

Any attempt to access the Internet using HTTP(S) (1) is intercepted by the AC, and the client's Web browser is redirected to the defined Login URL on the WAS (2 & 3). After direct communication is established between the client and the WAS and the user has entered his/her credentials (4), the WAS initiates user redirection directly to the AC (5). At this stage the user sends his credentials directly to the AC (6). The AC sends a RADIUS (Remote Authentication Dial In User Service) access request to the appropriate server (7), receives the response (8) and informs the WAS about the authentication status. The WAS then informs the client of the authentication result (9), and if authenticated, the client is granted access to the Internet.

The WAS location URL specified for the welcome page redirect must be included in the white list. Refer to section White/Black List Configuration of the respective document, WILI-S Configuration Reference Manual, for details.

Remote authentication must be enabled and the shared secret must be configured for extended UAM to work.

Shared secrets must be the same on the WAS server and the WILI device to allow the opening of a secure SSL session between the WAS and the WILI-S based device.

UAM Login URLs

The UAM login URL can be configured in the WILI configuration file and should point to the WAS portal. On first Web access the subscriber's browser is redirected to the specified login URL. Different parameters can be added to the URL string to pass them to the WAS. This includes several special placeholders that the WILI automatically replaces with their respective values. The following table summarizes the available placeholders.

Placeholder        Description
nasid              Returns the ID assigned to the NAS.
wanip, nasip       Returns the IP address of the NAS interface the authentication request is sent from. nasip is used as an alias for lanip in new implementation.
wanport, sslport   Returns the secure port number on the NAS where subscriber login information should be sent to for authentication.
nasip, lanip       Returns the IP address of the NAS interface the subscriber's computer is connected to.
nasifc             Returns the NAS interface name the subscriber's computer is connected to.
clientip           Returns the IP address of the subscriber's computer.
clientmac, mac     Returns the MAC address of the subscriber's computer.
clienturl, ourl    Returns the original URL requested by the subscriber.
clientlang, lang   Returns the Web browser language that is set on the subscriber's computer.

Note: In new portal implementations only bold placeholders should be used. Duplicate placeholders are included only for backwards compatibility and may be removed in future versions. Parameter nasifc is optional, but it should be sent back to the NAS from the portal for better performance.

Examples

1. General URL:

    <URL><|&>clientlang=clientlang&nasid=nasid&nasip=nasip&nasifc=nasifc&clientip=clientip&clientmac=clientmac&wanport=wanport&ourl=ourl

1. Specific URL with no default parameters overridden:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?subscriber_key1=subscriber_value1&subscriber_key2=subscriber_value2

2. Specific URLs with nasip and wanport default parameters overridden:

    https://<WAS_IP>/portal.php?customer_key1=customer_value1&customer_key2=customer_value2&nasip=192.168.2.3&wanport=9000
    https://<WAS_IP>:<WAS_PORT>/portal.asp?user_ip=customer_value1&customer_key2=customer_value2&nasip=<override nasip by value>&wanport=<override wanport by value>

3. Specific URL with nasip and wanport default parameters overridden and placeholders used:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?customer_key1=clientip&customer_key2=ourl&nasip=<override nasip by value>&wanport=<override wanport by value>

There are two network scenarios in which the default parameters play different roles and should be overridden in some cases.

1. Assume that the WILI device is not behind a masquerading device and that its IP address is 192.168.2.2. The subject domain name in its SSL certificates is wilibox.domain.com. The Host HTTP header should be set to one of:

    Host: wilibox.domain.com:443
    Host: 192.168.2.2:443

2. Assume that the WILI device is behind a masquerading device. The masquerading device has the address 192.168.10.3 and the device has the address 192.168.2.2. A NAT mapping is defined on the masquerading device that redirects traffic received on port 443 to 192.168.2.2:443. The login application on the WAS must send its requests to 192.168.10.3, which results in an HTTP Host header that contains one of the following:

    Host: natting.router.com:443
    Host: 192.168.10.3:443

When this request is forwarded to the WILI device, it will be rejected. To solve the problem, the login application on the WAS must forge the Host HTTP header. This is easily done by plugging in the values returned by the nasip and wanport placeholders:

    Host: nasip:wanport
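
The nasip and wanport values reach the WAS in the login URL that the subscriber's browser was redirected to, so a login application can check them against the access controllers it serves before building the Host header from them. The following is an added example, not part of the WILI documentation or its sample portal code; the `KNOWN_NAS` table, the NAS ID, the sample URL and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the access controllers this portal serves, keyed by nasid.
# "connect_to" is where the WAS opens its connection (the masquerading
# device in scenario 2); nasip/wanport are what the NAS reports about itself.
KNOWN_NAS = {
    "wili-lab-1": {"connect_to": "192.168.10.3", "nasip": "192.168.2.2", "wanport": 443},
}

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{12}|(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")
PORT_RE = re.compile(r"[0-9]{1,5}")


class RejectedLogin(ValueError):
    """The redirect parameters do not describe a NAS this portal trusts."""


def _single(params, name):
    # A repeated parameter lets two parsers disagree on the value; refuse it.
    values = params.get(name, [])
    if len(values) != 1 or not values[0]:
        raise RejectedLogin(f"{name}: expected exactly one non-empty value")
    return values[0]


def _ip(params, name):
    value = _single(params, name)
    try:
        return str(ipaddress.ip_address(value))
    except ValueError as exc:
        raise RejectedLogin(f"{name}: not an IP address") from exc


def validate_login_request(url):
    """Return what the WAS needs to call the NAS, or raise RejectedLogin."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    nas = KNOWN_NAS.get(_single(params, "nasid"))
    if nas is None:
        raise RejectedLogin("nasid: unknown access controller")

    nasip = _ip(params, "nasip")
    port_text = _single(params, "wanport")
    if not PORT_RE.fullmatch(port_text):
        raise RejectedLogin("wanport: not a port number")
    wanport = int(port_text)
    # The Host header is built from these two values, so they must match
    # what is configured for this NAS rather than whatever the URL carried.
    if (nasip, wanport) != (nas["nasip"], nas["wanport"]):
        raise RejectedLogin("nasip/wanport do not match the configured NAS")

    clientmac = _single(params, "clientmac")
    if not MAC_RE.fullmatch(clientmac):
        raise RejectedLogin("clientmac: not a MAC address")

    # ourl is where the subscriber is sent after login; keep it to web URLs.
    ourl = _single(params, "ourl")
    try:
        target = urlsplit(ourl)
    except ValueError as exc:
        raise RejectedLogin("ourl: not a URL") from exc
    if target.scheme not in ("http", "https") or not target.netloc:
        raise RejectedLogin("ourl: only absolute http(s) URLs are accepted")

    return {
        "connect_to": nas["connect_to"],
        "host_header": f"{nasip}:{wanport}",
        "clientip": _ip(params, "clientip"),
        "clientmac": clientmac,
        "ourl": ourl,
    }


# Constructed sample: the general login URL with its placeholders filled in.
SAMPLE = (
    "https://portal.example/portal.cgi?clientlang=en&nasid=wili-lab-1"
    "&nasip=192.168.2.2&nasifc=br0&clientip=192.168.2.117"
    "&clientmac=200347C92B63&wanport=443&ourl=http%3A%2F%2Fexample.org%2F"
)

if __name__ == "__main__":
    print(validate_login_request(SAMPLE))
```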

The WILI device sends the username and password to the RADIUS server to authenticate the subscriber. If authentication is successful, the subscriber's IP or MAC address is used to grant wireless/wired network access to the subscriber's computer. The WILI device returns a positive or negative answer for the subscriber login, along with the relevant URLs that may be needed by the login application on the WAS in order to redirect the subscriber to either a Welcome page or a Login error page located on the WAS. This information is returned as standard plaintext with key-value content. The login application on the WAS must parse this information to retrieve the response. All possible responses are described below.

Authentication Results

1. Remote user log-on produces XML output:

    <logon>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <replymessage>string</replymessage>
    </logon>

Response statuses and error codes:

<status>                     <error>  <description>
Ok                           0        User logged on
Not checked                  100      Logon information not checked
No IP                        101      No user IP address supplied
No username                  102      No username supplied
Disabled                     103      Remote authentication is disabled
Bad secret                   104      Bad shared secret supplied
No password                  105      No user password supplied
No IP/MAC                    106      No user IP and/or MAC address supplied
Ok                           110      User already logged on
Failed to authorize          111      Failed to authorize user
Bad password                 112      Bad username or/and password
Network failed               113      Network connection failed
Accounting error             114      Accounting error
Too many users               115      Too many users connected
Unknown authorization error  120      Unknown authorization error

Responses from RADIUS are served with the following response line:

    <replymessage>string</replymessage>

If there are multiple RADIUS messages, the line will be repeated to output all RADIUS responses. Example:

    <logon>
      <status>Failed to authorize</status>
      <error>111</error>
      <description>Failed to authorize user</description>
      <replymessage>User password is expired</replymessage>
      <replymessage>Can not authenticate user because user is disabled</replymessage>
    </logon>

If RADIUS did not respond with custom messages, the replymessage tag will not be added to the XML output.

2. Remote user log-off produces XML output:

    <logoff>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
    </logoff>

Response statuses and error codes:

<status>               <error>  <description>
Ok                     0        User logged off
Not checked            100      Logoff information not checked
No username            102      No username supplied
Disabled               103      Remote authentication is disabled
Bad secret             104      Bad shared secret supplied
No IP/MAC              106      No user IP and/or MAC address supplied
No user by MAC         121      User with supplied MAC not found
No user by IP          122      User with supplied IP address and username not found
No user by IP and MAC  123      User with supplied IP, MAC addresses and username not found
Failed to logoff       131      Failed to logoff user
Cannot resolve IP      132      Cannot resolve user IP
Unknown logoff error   140      Unknown logoff error

3. Remote user status produces XML output:

    <ppstatus>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <entry id="1">string</entry>
      <entry id="2">string</entry>
      <entry id="3">string</entry>
      <entry id="4">string</entry>
      <entry id="5">string</entry>
      <entry id="6">string</entry>
      <entry id="7">string</entry>
      <entry id="8">string</entry>
      <entry id="9">string</entry>
      <entry id="10">string</entry>
      <entry id="11">string</entry>
      <entry id="12">string</entry>
      <entry id="13">string</entry>
      <entry id="14">string</entry>
      <entry id="15">string</entry>
      <entry id="16">string</entry>
    </ppstatus>

Response statuses and error codes:

<status>                    <error>  <description>
Ok                          0        Got user status
Not checked                 100      Status information not checked
No IP                       101      No user IP address supplied
No username                 102      No username supplied
Disabled                    103      Remote authentication is disabled
Bad secret                  104      Bad shared secret supplied
No IP/MAC                   106      No user IP and/or MAC address supplied
No user by MAC              121      User with supplied MAC not found
No user by IP               122      User with supplied IP address not found
No user by IP and MAC       123      User with supplied IP and MAC addresses not found
No user by IP and username  141      User with supplied IP address and username not found

Detailed information provided by ID:

<id>  <description>
1     User name
2     User IP address
3     User MAC address
4     Session time
5     Session ID
6     User idle time
7     Output bytes
8     Input bytes
9     User domain
10    Remaining bytes
11    Remaining output bytes
12    Remaining input bytes
13    Bandwidth upstream
14    Bandwidth downstream
15    Remaining session time
16    Remaining total bytes

When there were no errors and the user statistics were received successfully, the following XML output will be produced:

    <ppstatus>
      <status>Ok</status>
      <error>0</error>
      <description>Got user status</description>
      <entry id="1">g17</entry>
      <entry id="2">1921682117</entry>
      <entry id="3">200347C92B63</entry>
      <entry id="4">000005</entry>
      <entry id="5">3E64C7967A36</entry>
      <entry id="6">000003</entry>
      <entry id="7">0 bytes</entry>
      <entry id="8">0 bytes</entry>
      <entry id="9">testlab</entry>
      <entry id="10">unlimited</entry>
      <entry id="11">unlimited</entry>
      <entry id="12">unlimited</entry>
      <entry id="13">32 Mbps</entry>
      <entry id="14">32 Mbps</entry>
      <entry id="15">045955</entry>
      <entry id="16">unlimited</entry>
    </ppstatus>
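
One way for the login application on the WAS to consume the three responses described above: treat only the documented success codes as success, refuse anything malformed, and escape the device and RADIUS strings before they reach the login error page. This is an added example, not the WILI sample portal code; the function names, the field names given to the entry IDs, the size limit and the quoted `id` attributes in the samples are assumptions.

```python
import html
import xml.etree.ElementTree as ET

# Error codes that mean the request succeeded, from the tables above.
SUCCESS_CODES = {"logon": {0, 110}, "logoff": {0}, "ppstatus": {0}}

# <entry id="N"> meanings for the status response, from the ID table above.
STATUS_FIELDS = {
    1: "user_name", 2: "user_ip", 3: "user_mac", 4: "session_time",
    5: "session_id", 6: "idle_time", 7: "output_bytes", 8: "input_bytes",
    9: "user_domain", 10: "remaining_bytes", 11: "remaining_output_bytes",
    12: "remaining_input_bytes", 13: "bandwidth_upstream",
    14: "bandwidth_downstream", 15: "remaining_session_time",
    16: "remaining_total_bytes",
}

MAX_RESPONSE_CHARS = 16 * 1024  # assumption: far above any documented response


class BadResponse(ValueError):
    """The access controller's answer could not be understood; deny access."""


def _is_number(text):
    return text.isascii() and text.isdigit()


def parse_ac_response(text, expected_root):
    """Parse a logon/logoff/ppstatus answer; raise BadResponse if malformed."""
    if expected_root not in SUCCESS_CODES:
        raise BadResponse("unsupported response type")
    if len(text) > MAX_RESPONSE_CHARS:
        raise BadResponse("response too large")
    # The documented responses carry no DTD, so one is refused outright
    # instead of letting the XML parser expand entities declared in it.
    upper = text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise BadResponse("DTD not allowed")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise BadResponse("not well-formed XML") from exc
    if root.tag != expected_root:
        raise BadResponse(f"expected <{expected_root}>, got <{root.tag}>")

    error_text = (root.findtext("error") or "").strip()
    if not _is_number(error_text):
        raise BadResponse("missing or non-numeric <error>")
    error = int(error_text)

    result = {
        "ok": error in SUCCESS_CODES[expected_root],
        "error": error,
        "status": (root.findtext("status") or "").strip(),
        "description": (root.findtext("description") or "").strip(),
        # Zero, one or several <replymessage> lines may be present.
        "reply_messages": [(m.text or "").strip() for m in root.findall("replymessage")],
    }
    if expected_root == "ppstatus":
        session = {}
        for entry in root.findall("entry"):
            entry_id = entry.get("id", "")
            if _is_number(entry_id) and int(entry_id) in STATUS_FIELDS:
                session[STATUS_FIELDS[int(entry_id)]] = (entry.text or "").strip()
        result["session"] = session
    return result


def failure_html(result):
    """Build the login-error fragment; every device/RADIUS string is escaped."""
    lines = [html.escape(result["description"])]
    lines += [html.escape(msg) for msg in result["reply_messages"]]
    return "<ul>" + "".join(f"<li>{line}</li>" for line in lines) + "</ul>"


# Samples: the first two follow the examples above, the third is constructed.
FAILED_LOGON = """<logon><status>Failed to authorize</status><error>111</error>
<description>Failed to authorize user</description>
<replymessage>User password is expired</replymessage>
<replymessage>Can not authenticate user because user is disabled</replymessage>
</logon>"""

STATUS_OK = """<ppstatus><status>Ok</status><error>0</error>
<description>Got user status</description>
<entry id="1">g17</entry><entry id="9">testlab</entry>
<entry id="10">unlimited</entry></ppstatus>"""

ALREADY_ON = """<logon><status>Ok</status><error>110</error>
<description>User already logged on</description></logon>"""

if __name__ == "__main__":
    for sample, kind in ((FAILED_LOGON, "logon"), (ALREADY_ON, "logon"), (STATUS_OK, "ppstatus")):
        print(kind, parse_ac_response(sample, kind))
```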
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
settings login name and password and click the login button
Access Controller could be shared by several Wireless Internet Service Providers (WISP) They are uniquelyidentified by specifying WISP domain name in addition to subscriber user name when logging in AccessController can be configured to send authentication and accounting information to different AuthenticationAuthorization and Accounting (AAA) servers associated with different WISP domains
Subscriber login formats available on WILI-S
usernameloz usernameWISPdomainloz WISPdomainusernameloz
Status Page
The status page contains detailed subscribers session information and provides function for logging out of thenetwork
UAM
Login Page 2
Username name of the authenticated user
MAC address MAC address of the client station
IP address IP address of the client station
Session time session time user has spent in current session
Remaining session time remaining current session time
Upload bytes number of bytes transferred towards the client station
Remaining upload bytes number of bytes that can be transferred towards the client station until session isterminated (constant zero means no bound is currently active on the transferred data)
Download bytes number of bytes sent by the client station
Remaining download bytes number of bytes that can be sent by the client station until session is terminated(constant zero means no bound is currently active on the transferred data)
UAM
Status Page 3
Max upload bandwidth maximum bandwidth throughput limit for packets sent by the client station
Max download bandwidth maximum bandwidth throughput limit for packets sent towards the clientstation
Idle time time since the last transmitted packet from client station
Remaining idle time remaining idle time until session is terminated
Interface name name of the interface client is connected to
Remaining total bytes total number of bytes that can be transferred until session is terminated (constantzero means no bound is currently active on the transferred data)
Refresh click the button to refresh the subscriber session information
Logout click the button to explicitly logout from the network
Customize UAM Pages
There is a possibility to customize UAM pages according your needs The WILI software versions starting354 web interface is performed using skins UAM pages are included in the skin archive and may be easilychanged
The UAM pages customizing requires basic HTML and some PHP knowledge
Follow the steps to change look and functionality of UAM pages
Download current skin archive (on device web management interface go to menu Skins select activeskin and click Download)
1
Extract all files from the skin archive2 Go to uam directory3 HTML pages are in view subdirectory stylesheets and images are in images subdirectory4 Make your changes (HTML images stylesheet - given directories are just suggestion othersubdirectories may be used but we recommend to keep everything in parent directory uam)
5
Return one level up from uam directory6
Do not forget to update versiontxt changing version numbers andor name If you will try to uploadskin with same version name and numbers it may fail to overwrite (built-in skins are notoverwritable need update at least version numbers)
Archive all skin files to tar or tgz archive1 Upload archive to device (on device web management interface go to menu Skins choose archive fileusing Borwse button and click Upload button)
2
Activate new uploaded skin (on device web management interface go to menu Skins select activeskin and click Activate)
3
UAM
Customize UAM Pages 4
The cgi files can be modified only if PHP knowledge is available Note that modification ofcgi files can affect the web management functionalityThe lib directory is designed to work with internal device functionality and should not bemodified when changing UAM pages
Extended UAM
The external UAM allows an external Web Application Server (WAS) to intercept and take part in the userauthentication process by externally logging-in and logging-out the user as necessary It also provides a meansto query subscribers session information
See the diagram and the description below for an explanation of how the extended UAM process works
Portal version 1
Network topology Access Controller (AC) and Portal (WAS) are in the same subnet Client communicationdirect to the AC isnt allowed
Any attempt to access the Internet using HTTP(S) (1) is intercepted by device and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS instructs the device to
UAM
Extended UAM 5
authenticate the user (5) At this stage the shared secret is used to establish the secure connection between theWAS and the device The device sends a RADIUS (Remote Authentication Dial In User Service) accessrequest to the appropriate server (6) receives the response (7) and informs the WAS about authenticationstatus The WAS then informs the client of the authentication result (8) and if authenticated the client isgranted access to the Internet
Portal version 2
Network topology Access Controller (AC) is located in private network and Portal (WAS) is located onremote server but doesnt have direct access or routes back to the AC In that case client during authenticationis redirected back to the AC and initiated authentication On AC suppose to be granted HTTPS or HTTPaccess for client
Any attempt to access the Internet using HTTP(S) (1) is intercepted by AC and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS initiates user redirectiondirectly to AC (5) At this stage user sends his credentials directly to AC (6) AC sends a RADIUS (RemoteAuthentication Dial In User Service) access request to the appropriate server (7) receives the response (8) andinforms the WAS about authentication status The WAS then informs the client of the authentication result (9)and if authenticated the client is granted access to the Internet
UAM
Portal version 1 6
The WAS location URL specified for the welcome page redirect must be included in the whitelist Refer to section WhiteBlack List Configuration of the respective document WILI-SConfiguration Reference Manual for details
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of asecure SSL session between the WAS and the WILI-S based device
UAM Login URLs
UAM login URL can be configured in the WILI configuration file and should point to WAS portal On firstWeb access subscribers browser is redirected to the specified login URL Different parameters can be addedto the URL string to pass them to WAS This includes several special placeholders the WILI automaticallyreplaces with their respectable values The following table summarizes the available placeholders
Placeholder Descriptionnasid Returns the ID assigned to the NAS
wanip nasipReturns the IP address of the NAS interface the authentication request is sentfrom nasip is used as an alias for lanip in new implementation
wanportsslport
Returns the secure port number on the NAS where subscriber login information should besent to for authentication
nasip lanip Returns the IP address of the NAS interface the subscribers computer is connected tonasifc Returns the NAS interface name the subscribers computer is connected toclientip Returns the IP address of the subscribers computerclientmacmac
Returns the MAC address of the subscribers computer
clienturlourl
Returns the original URL requested by the subscriber
clientlanglang
Returns the Web browser language that is set on subscribers computer
Note In new portal implementations only bold placeholders should be used Duplicate placeholders areincluded only for backwards compatibility and in future versions may be removed Parameter nasifc isoptional but it should be sent back to NAS from portal for better performance
Examples
1 General URL
ltURLgtlt|ampgtclientlang=clientlangampnasid=nasidampnasip=nasipampnasifc=nasifcampclientip=clientipampclientmac=clientmacampwanport=wanportampourl=ourl
1 Specific URL with no default parameters overridden
httpsltWAS_IPgtltWAS_PORTgtportalcgisubscriber_key1=subscriber_value1ampsubscriber_key2=subscriber_value2
2 Specific URLs with nasip and wanport default parameters overrid
UAM
Portal version 2 7
httpsltWAS_IPgtportalphpcustomer_key1=customer_value1ampcustomer_key2=customer_value2ampnasip=19216823ampwanport=9000httpsltWAS_IPgtltWAS_PORTgtportalaspuser_ip=customer_value1ampcustomer_key2=customer_value2ampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
3 Specific URL with nasip and wanport default parameters overridden and placeholders used
httpsltWAS_IPgtltWAS_PORTgtportalcgicustomer_key1=clientipampcustomer_key2=ourlampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
There are two network scenarios when default parameters play different roles and should be overwritten insome cases
1 Assume that the WILI device is not behind a masquerading device and that its IP address is 19216822The subject domain name in its SSL certificates is wiliboxdomaincom The Host HTTP header should be setto one of
Host wiliboxdomaincom443 Host 19216822443
2 Assume that the WILI device is behind a masquerading device The masquerading device has the address192168103 and the device has the address 19216822 A NAT mapping is defined on the masqueradingdevice that redirects traffic received on port 443 to 19216822443 The login application on WAS must sendits requests to 192168103 which results in a HTTP Host header that contains one of the following
Host nattingroutercom443 Host 192168103443
When this request is forwarded to the WILI device it will be rejected To solve the problem the loginapplication on WAS must forge the host HTTP header This is easily done by plugging in the values returnedby the nasip and wanport placeholders
Host nasipwanport
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber Ifauthentication is successful the subscribers IP or MAC address is used to grant wirelesswired networkaccess to the subscribers computer The WILI device returns a positive or negative answer for the subscriberlogin along with the relevant URLs that may be needed by the login application on WAS in order to redirectthe subscriber to either a Welcome page or a Login error page located on the WAS This information isreturned as standard plaintext with key-value content The login application on WAS must parse thisinformation to retrieve the response All possible responses are described below
Authentication Results
1 Remote user log-on produces XML output
ltlogongt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltreplymessagegtstringltreplymessagegt ltlogongt
UAM
UAM Login URLs 8
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 User logged onNot checked 100 Logon information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo password 105 No user password suppliedNo IPMAC 106 No user IP andor MAC address suppliedOk 110 User already logged onFailed to authorize 111 Failed to authorize userBad password 112 Bad username orand passwordNetwork failed 113 Network connection failedAccounting error 114 Accounting errorToo many users 115 Too many users connectedUnknown authorization error 120 Unknown authorization error
Responses from RADIUS are served with the following response line
ltreplymessagegtstringltreplymessagegt
If there are multiple RADIUS messages the line will be repeated to output all RADIUS responses Example
ltlogongt ltstatusgtFailed to authorizeltstatusgt lterrorgt111lterrorgt ltdescriptiongtFailed to authorize userltdescriptiongt ltreplymessagegtUser password is expiredltreplymessagegt ltreplymessagegtCan not authenticate user because user is disabledltreplymessagegt ltlogongt
In case RADIUS did not respond with custom messages replymessage tag will not be added to XML output
2 Remote user log-off produces XML output
ltlogoffgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltlogoffgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongt
UAM
Authentication Results 9
Username: name of the authenticated user.
MAC address: MAC address of the client station.
IP address: IP address of the client station.
Session time: time the user has spent in the current session.
Remaining session time: remaining time of the current session.
Upload bytes: number of bytes transferred towards the client station.
Remaining upload bytes: number of bytes that can be transferred towards the client station until the session is terminated (constant zero means no bound is currently active on the transferred data).
Download bytes: number of bytes sent by the client station.
Remaining download bytes: number of bytes that can be sent by the client station until the session is terminated (constant zero means no bound is currently active on the transferred data).
Max upload bandwidth: maximum bandwidth throughput limit for packets sent by the client station.
Max download bandwidth: maximum bandwidth throughput limit for packets sent towards the client station.
Idle time: time since the last transmitted packet from the client station.
Remaining idle time: remaining idle time until the session is terminated.
Interface name: name of the interface the client is connected to.
Remaining total bytes: total number of bytes that can be transferred until the session is terminated (constant zero means no bound is currently active on the transferred data).
Refresh: click the button to refresh the subscriber session information.
Logout: click the button to explicitly log out from the network.
Customize UAM Pages
UAM pages can be customized according to your needs. In WILI software versions starting with 354, the web interface is implemented using skins. UAM pages are included in the skin archive and may be easily changed.
Customizing the UAM pages requires basic HTML and some PHP knowledge.
Follow these steps to change the look and functionality of UAM pages:
1. Download the current skin archive (in the device web management interface, go to menu Skins, select the active skin and click Download).
2. Extract all files from the skin archive.
3. Go to the uam directory.
4. HTML pages are in the view subdirectory; stylesheets and images are in the images subdirectory.
5. Make your changes (HTML, images, stylesheet; the given directories are just a suggestion and other subdirectories may be used, but we recommend keeping everything in the parent directory uam).
6. Return one level up from the uam directory.
Do not forget to update version.txt, changing the version numbers and/or name. If you try to upload a skin with the same version name and numbers, it may fail to overwrite (built-in skins are not overwritable; at least the version numbers must be updated).
1. Archive all skin files into a tar or tgz archive.
2. Upload the archive to the device (in the device web management interface, go to menu Skins, choose the archive file using the Browse button and click the Upload button).
3. Activate the newly uploaded skin (in the device web management interface, go to menu Skins, select active skin and click Activate).
The cgi files can be modified only if PHP knowledge is available. Note that modification of cgi files can affect the web management functionality.
The lib directory is designed to work with internal device functionality and should not be modified when changing UAM pages.
Extended UAM
The external UAM allows an external Web Application Server (WAS) to intercept and take part in the user authentication process by externally logging in and logging out the user as necessary. It also provides a means to query the subscriber's session information.
See the diagram and the description below for an explanation of how the extended UAM process works.
Portal version 1
Network topology: the Access Controller (AC) and the Portal (WAS) are in the same subnet. Direct client communication with the AC is not allowed.
Any attempt to access the Internet using HTTP(S) (1) is intercepted by the device, and the client's Web browser is redirected to the defined Login URL on the WAS (2 & 3). After direct communication is established between the client and the WAS and the user has entered his/her credentials (4), the WAS instructs the device to authenticate the user (5). At this stage the shared secret is used to establish the secure connection between the WAS and the device. The device sends a RADIUS (Remote Authentication Dial In User Service) access request to the appropriate server (6), receives the response (7) and informs the WAS about the authentication status. The WAS then informs the client of the authentication result (8) and, if authenticated, the client is granted access to the Internet.
Portal version 2
Network topology: the Access Controller (AC) is located in a private network and the Portal (WAS) is located on a remote server that has no direct access or routes back to the AC. In that case the client is redirected back to the AC during authentication and initiates authentication there. On the AC, HTTPS or HTTP access should be granted for the client.
Any attempt to access the Internet using HTTP(S) (1) is intercepted by the AC, and the client's Web browser is redirected to the defined Login URL on the WAS (2 & 3). After direct communication is established between the client and the WAS and the user has entered his/her credentials (4), the WAS redirects the user directly to the AC (5). At this stage the user sends his credentials directly to the AC (6). The AC sends a RADIUS (Remote Authentication Dial In User Service) access request to the appropriate server (7), receives the response (8) and informs the WAS about the authentication status. The WAS then informs the client of the authentication result (9) and, if authenticated, the client is granted access to the Internet.
The WAS location URL specified for the welcome page redirect must be included in the white list. Refer to section White/Black List Configuration of the respective document, WILI-S Configuration Reference Manual, for details.
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work.
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of a secure SSL session between the WAS and the WILI-S based device.
UAM Login URLs
The UAM login URL can be configured in the WILI configuration file and should point to the WAS portal. On first Web access the subscriber's browser is redirected to the specified login URL. Different parameters can be added to the URL string to pass them to the WAS. This includes several special placeholders that the WILI automatically replaces with their respective values. The following table summarizes the available placeholders.

| Placeholder | Description |
|---|---|
| nasid | Returns the ID assigned to the NAS. |
| wanip, nasip | Returns the IP address of the NAS interface the authentication request is sent from. nasip is used as an alias for lanip in new implementation. |
| wanport, sslport | Returns the secure port number on the NAS where subscriber login information should be sent to for authentication. |
| nasip, lanip | Returns the IP address of the NAS interface the subscriber's computer is connected to. |
| nasifc | Returns the NAS interface name the subscriber's computer is connected to. |
| clientip | Returns the IP address of the subscriber's computer. |
| clientmac, mac | Returns the MAC address of the subscriber's computer. |
| clienturl, ourl | Returns the original URL requested by the subscriber. |
| clientlang, lang | Returns the Web browser language that is set on the subscriber's computer. |

Note: In new portal implementations only bold placeholders should be used. Duplicate placeholders are included only for backwards compatibility and may be removed in future versions. Parameter nasifc is optional, but it should be sent back to the NAS from the portal for better performance.
Examples
1. General URL:

    <URL><?|&>clientlang=clientlang&nasid=nasid&nasip=nasip&nasifc=nasifc&clientip=clientip&clientmac=clientmac&wanport=wanport&ourl=ourl

1. Specific URL with no default parameters overridden:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?subscriber_key1=subscriber_value1&subscriber_key2=subscriber_value2

2. Specific URLs with nasip and wanport default parameters overridden:

    https://<WAS_IP>/portal.php?customer_key1=customer_value1&customer_key2=customer_value2&nasip=192.168.2.3&wanport=9000
    https://<WAS_IP>:<WAS_PORT>/portal.asp?user_ip=customer_value1&customer_key2=customer_value2&nasip=<override nasip by value>&wanport=<override wanport by value>

3. Specific URL with nasip and wanport default parameters overridden and placeholders used:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?customer_key1=clientip&customer_key2=ourl&nasip=<override nasip by value>&wanport=<override wanport by value>

There are two network scenarios in which the default parameters play different roles and should be overwritten in some cases:
1. Assume that the WILI device is not behind a masquerading device and that its IP address is 192.168.2.2. The subject domain name in its SSL certificates is wiliboxdomaincom. The Host HTTP header should be set to one of:

    Host: wiliboxdomaincom:443
    Host: 192.168.2.2:443

2. Assume that the WILI device is behind a masquerading device. The masquerading device has the address 192.168.10.3 and the device has the address 192.168.2.2. A NAT mapping is defined on the masquerading device that redirects traffic received on port 443 to 192.168.2.2:443. The login application on the WAS must send its requests to 192.168.10.3, which results in an HTTP Host header that contains one of the following:

    Host: nattingroutercom:443
    Host: 192.168.10.3:443

When this request is forwarded to the WILI device, it will be rejected. To solve the problem, the login application on the WAS must forge the Host HTTP header. This is easily done by plugging in the values returned by the nasip and wanport placeholders:

    Host: nasip:wanport

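An added example (not from the WILI documentation or its sample portal code) of how a WAS login application could derive the connection target and the Host header for the two scenarios above. The `known_acs` table, its `connect_to` key and the portal URL are assumptions; because nasid, nasip and wanport arrive in the subscriber's browser request, the function checks them against that table before they decide where credentials are sent.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit


class PortalParamError(ValueError):
    """A redirect parameter is missing, repeated, malformed or names an unknown AC."""


def _single(params, name):
    # Reject absent and repeated parameters so it is never ambiguous which value wins.
    values = params.get(name, [])
    if len(values) != 1 or not values[0]:
        raise PortalParamError(f"expected exactly one non-empty {name!r}")
    return values[0]


def resolve_ac_request(login_url, known_acs):
    """Return (connect_host, connect_port, host_header) for the request to the AC.

    known_acs is hypothetical WAS-side configuration:
        nasid -> {"nasip": address the AC reports for itself,
                  "connect_to": address the WAS actually opens the connection to}
    """
    params = parse_qs(urlsplit(login_url).query, keep_blank_values=True)
    nasid = _single(params, "nasid")
    nasip_raw = _single(params, "nasip")
    wanport_raw = _single(params, "wanport")

    try:
        nasip = ipaddress.ip_address(nasip_raw)
    except ValueError as exc:
        raise PortalParamError(f"nasip is not an IP address: {nasip_raw!r}") from exc
    if not (wanport_raw.isascii() and wanport_raw.isdigit() and len(wanport_raw) <= 5):
        raise PortalParamError(f"wanport is not a port number: {wanport_raw!r}")
    wanport = int(wanport_raw)
    if not 1 <= wanport <= 65535:
        raise PortalParamError(f"wanport out of range: {wanport}")

    # The query string came through the subscriber's browser, so accept only an
    # AC the portal operator has configured, under the address it is known by.
    ac = known_acs.get(nasid)
    if ac is None or ipaddress.ip_address(ac["nasip"]) != nasip:
        raise PortalParamError("nasid/nasip do not match a configured access controller")

    host = f"[{nasip}]" if nasip.version == 6 else str(nasip)
    return ac["connect_to"], wanport, f"{host}:{wanport}"


# Constructed sample for scenario 2: AC 192.168.2.2 behind NAT device 192.168.10.3.
KNOWN_ACS = {"ac-01": {"nasip": "192.168.2.2", "connect_to": "192.168.10.3"}}
SAMPLE_LOGIN_URL = (
    "https://portal.example/portal.cgi?clientlang=en&nasid=ac-01&nasip=192.168.2.2"
    "&nasifc=eth1&clientip=192.168.2.50&clientmac=02-00-00-00-00-01"
    "&wanport=443&ourl=http%3A%2F%2Fexample.org%2F"
)

if __name__ == "__main__":
    connect_host, connect_port, host_header = resolve_ac_request(SAMPLE_LOGIN_URL, KNOWN_ACS)
    print(f"connect to {connect_host}:{connect_port}, send 'Host: {host_header}'")
```

For scenario 1 the same function applies with `connect_to` equal to the AC's own address, so the connection target and the Host header coincide.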
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber. If authentication is successful, the subscriber's IP or MAC address is used to grant wireless/wired network access to the subscriber's computer. The WILI device returns a positive or negative answer for the subscriber login, along with the relevant URLs that may be needed by the login application on the WAS in order to redirect the subscriber to either a Welcome page or a Login error page located on the WAS. This information is returned as standard plaintext with key-value content. The login application on the WAS must parse this information to retrieve the response. All possible responses are described below.
Authentication Results
1. Remote user log-on produces XML output:

    <logon>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <replymessage>string</replymessage>
    </logon>

Response statuses and error codes:

| <status> | <error> | <description> |
|---|---|---|
| Ok | 0 | User logged on |
| Not checked | 100 | Logon information not checked |
| No IP | 101 | No user IP address supplied |
| No username | 102 | No username supplied |
| Disabled | 103 | Remote authentication is disabled |
| Bad secret | 104 | Bad shared secret supplied |
| No password | 105 | No user password supplied |
| No IP/MAC | 106 | No user IP and/or MAC address supplied |
| Ok | 110 | User already logged on |
| Failed to authorize | 111 | Failed to authorize user |
| Bad password | 112 | Bad username or/and password |
| Network failed | 113 | Network connection failed |
| Accounting error | 114 | Accounting error |
| Too many users | 115 | Too many users connected |
| Unknown authorization error | 120 | Unknown authorization error |

Responses from RADIUS are served with the following response line:

    <replymessage>string</replymessage>

If there are multiple RADIUS messages, the line is repeated to output all RADIUS responses. Example:

    <logon>
      <status>Failed to authorize</status>
      <error>111</error>
      <description>Failed to authorize user</description>
      <replymessage>User password is expired</replymessage>
      <replymessage>Can not authenticate user because user is disabled</replymessage>
    </logon>

If RADIUS did not respond with custom messages, the replymessage tag is not added to the XML output.
2. Remote user log-off produces XML output:

    <logoff>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
    </logoff>

Response statuses and error codes:

| <status> | <error> | <description> |
|---|---|---|
| Ok | 0 | User logged off |
| Not checked | 100 | Logoff information not checked |
| No username | 102 | No username supplied |
| Disabled | 103 | Remote authentication is disabled |
| Bad secret | 104 | Bad shared secret supplied |
| No IP/MAC | 106 | No user IP and/or MAC address supplied |
| No user by MAC | 121 | User with supplied MAC not found |
| No user by IP | 122 | User with supplied IP address and username not found |
| No user by IP and MAC | 123 | User with supplied IP, MAC addresses and username not found |
| Failed to logoff | 131 | Failed to logoff user |
| Cannot resolve IP | 132 | Cannot resolve user IP |
| Unknown logoff error | 140 | Unknown logoff error |

3. Remote user status produces XML output:

    <ppstatus>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <entry id="1">string</entry>
      <entry id="2">string</entry>
      <entry id="3">string</entry>
      <entry id="4">string</entry>
      <entry id="5">string</entry>
      <entry id="6">string</entry>
      <entry id="7">string</entry>
      <entry id="8">string</entry>
      <entry id="9">string</entry>
      <entry id="10">string</entry>
      <entry id="11">string</entry>
      <entry id="12">string</entry>
      <entry id="13">string</entry>
      <entry id="14">string</entry>
      <entry id="15">string</entry>
      <entry id="16">string</entry>
    </ppstatus>

Response statuses and error codes:

| <status> | <error> | <description> |
|---|---|---|
| Ok | 0 | Got user status |
| Not checked | 100 | Status information not checked |
| No IP | 101 | No user IP address supplied |
| No username | 102 | No username supplied |
| Disabled | 103 | Remote authentication is disabled |
| Bad secret | 104 | Bad shared secret supplied |
| No IP/MAC | 106 | No user IP and/or MAC address supplied |
| No user by MAC | 121 | User with supplied MAC not found |
| No user by IP | 122 | User with supplied IP address not found |
| No user by IP and MAC | 123 | User with supplied IP and MAC addresses not found |
| No user by IP and username | 141 | User with supplied IP address and username not found |

Detailed information provided by entry ID:

| <id> | <description> |
|---|---|
| 1 | User name |
| 2 | User IP address |
| 3 | User MAC address |
| 4 | Session time |
| 5 | Session ID |
| 6 | User idle time |
| 7 | Output bytes |
| 8 | Input bytes |
| 9 | User domain |
| 10 | Remaining bytes |
| 11 | Remaining output bytes |
| 12 | Remaining input bytes |
| 13 | Bandwidth upstream |
| 14 | Bandwidth downstream |
| 15 | Remaining session time |
| 16 | Remaining total bytes |

When there were no errors and the user statistics were received successfully, the following XML output is produced:

    <ppstatus>
      <status>Ok</status>
      <error>0</error>
      <description>Got user status</description>
      <entry id="1">g17</entry>
      <entry id="2">1921682117</entry>
      <entry id="3">200347C92B63</entry>
      <entry id="4">000005</entry>
      <entry id="5">3E64C7967A36</entry>
      <entry id="6">000003</entry>
      <entry id="7">0 bytes</entry>
      <entry id="8">0 bytes</entry>
      <entry id="9">testlab</entry>
      <entry id="10">unlimited</entry>
      <entry id="11">unlimited</entry>
      <entry id="12">unlimited</entry>
      <entry id="13">32 Mbps</entry>
      <entry id="14">32 Mbps</entry>
      <entry id="15">045955</entry>
      <entry id="16">unlimited</entry>
    </ppstatus>

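An added example (not the vendor's sample portal code) of how the login application on the WAS could parse the log-on, log-off and status replies documented above and fail closed on anything unexpected. The class and function names, the snake_case field names and the sample replies are assumptions constructed from the formats in this section.

```python
import html
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Meaning of <entry id="N"> in a <ppstatus> reply, from the ID table above
# (the snake_case names are this example's own choice).
STATUS_FIELDS = {
    1: "user_name", 2: "user_ip", 3: "user_mac", 4: "session_time",
    5: "session_id", 6: "idle_time", 7: "output_bytes", 8: "input_bytes",
    9: "user_domain", 10: "remaining_bytes", 11: "remaining_output_bytes",
    12: "remaining_input_bytes", 13: "bandwidth_upstream",
    14: "bandwidth_downstream", 15: "remaining_session_time",
    16: "remaining_total_bytes",
}
# Error codes that mean success per reply type: 0, plus 110 (already logged on).
SUCCESS_CODES = {"logon": {0, 110}, "logoff": {0}, "ppstatus": {0}}


class UamResponseError(ValueError):
    """Reply is not a well-formed UAM result; callers must treat it as a failure."""


@dataclass
class UamResult:
    kind: str
    status: str
    error: int
    description: str
    reply_messages: list = field(default_factory=list)
    entries: dict = field(default_factory=dict)

    @property
    def ok(self):
        # Decide on the numeric code only: the status text "Ok" covers both 0 and 110.
        return self.error in SUCCESS_CODES[self.kind]

    def messages_for_html(self):
        # RADIUS reply messages are free text; escape them before showing the subscriber.
        return [html.escape(message) for message in self.reply_messages]


def _is_number(text):
    return text.isascii() and text.isdigit() and len(text) <= 5


def parse_uam_response(text, expected_kind):
    """Parse a <logon>, <logoff> or <ppstatus> reply; raise UamResponseError if invalid."""
    if expected_kind not in SUCCESS_CODES:
        raise ValueError(f"unknown reply type: {expected_kind!r}")
    # The documented replies carry no DTD, so refuse one outright instead of
    # letting the parser expand entity declarations.
    if "<!DOCTYPE" in text.upper() or "<!ENTITY" in text.upper():
        raise UamResponseError("DTD or entity declaration in reply")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise UamResponseError(f"malformed XML: {exc}") from exc
    if root.tag != expected_kind:
        raise UamResponseError(f"expected <{expected_kind}>, got <{root.tag}>")
    raw_error = (root.findtext("error") or "").strip()
    if not _is_number(raw_error):
        raise UamResponseError(f"missing or non-numeric <error>: {raw_error!r}")
    entries = {}
    for entry in root.findall("entry"):
        entry_id = entry.get("id", "")
        if _is_number(entry_id) and int(entry_id) in STATUS_FIELDS:
            entries[STATUS_FIELDS[int(entry_id)]] = (entry.text or "").strip()
    return UamResult(
        kind=expected_kind,
        status=(root.findtext("status") or "").strip(),
        error=int(raw_error),
        description=(root.findtext("description") or "").strip(),
        # Zero, one or several <replymessage> lines may be present.
        reply_messages=[(m.text or "").strip() for m in root.findall("replymessage")],
        entries=entries,
    )


# Constructed samples that follow the reply formats documented above.
SAMPLE_LOGON_FAILED = (
    "<logon><status>Failed to authorize</status><error>111</error>"
    "<description>Failed to authorize user</description>"
    "<replymessage>User password is expired</replymessage>"
    "<replymessage>Can not authenticate user because user is disabled</replymessage></logon>"
)
SAMPLE_STATUS = (
    "<ppstatus><status>Ok</status><error>0</error><description>Got user status</description>"
    '<entry id="1">g17</entry><entry id="9">testlab</entry>'
    '<entry id="10">unlimited</entry></ppstatus>'
)

if __name__ == "__main__":
    result = parse_uam_response(SAMPLE_LOGON_FAILED, "logon")
    print(result.ok, result.error, result.messages_for_html())
```

A portal should grant the Welcome page only when `ok` is true and send every `UamResponseError` down the same path as a failed log-on.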
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
Max upload bandwidth maximum bandwidth throughput limit for packets sent by the client station
Max download bandwidth maximum bandwidth throughput limit for packets sent towards the clientstation
Idle time time since the last transmitted packet from client station
Remaining idle time remaining idle time until session is terminated
Interface name name of the interface client is connected to
Remaining total bytes total number of bytes that can be transferred until session is terminated (constantzero means no bound is currently active on the transferred data)
Refresh click the button to refresh the subscriber session information
Logout click the button to explicitly logout from the network
Customize UAM Pages
There is a possibility to customize UAM pages according your needs The WILI software versions starting354 web interface is performed using skins UAM pages are included in the skin archive and may be easilychanged
The UAM pages customizing requires basic HTML and some PHP knowledge
Follow the steps to change look and functionality of UAM pages
Download current skin archive (on device web management interface go to menu Skins select activeskin and click Download)
1
Extract all files from the skin archive2 Go to uam directory3 HTML pages are in view subdirectory stylesheets and images are in images subdirectory4 Make your changes (HTML images stylesheet - given directories are just suggestion othersubdirectories may be used but we recommend to keep everything in parent directory uam)
5
Return one level up from uam directory6
Do not forget to update versiontxt changing version numbers andor name If you will try to uploadskin with same version name and numbers it may fail to overwrite (built-in skins are notoverwritable need update at least version numbers)
Archive all skin files to tar or tgz archive1 Upload archive to device (on device web management interface go to menu Skins choose archive fileusing Borwse button and click Upload button)
2
Activate new uploaded skin (on device web management interface go to menu Skins select activeskin and click Activate)
3
UAM
Customize UAM Pages 4
The cgi files can be modified only if PHP knowledge is available Note that modification ofcgi files can affect the web management functionalityThe lib directory is designed to work with internal device functionality and should not bemodified when changing UAM pages
Extended UAM
The external UAM allows an external Web Application Server (WAS) to intercept and take part in the userauthentication process by externally logging-in and logging-out the user as necessary It also provides a meansto query subscribers session information
See the diagram and the description below for an explanation of how the extended UAM process works
Portal version 1
Network topology Access Controller (AC) and Portal (WAS) are in the same subnet Client communicationdirect to the AC isnt allowed
Any attempt to access the Internet using HTTP(S) (1) is intercepted by device and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS instructs the device to
UAM
Extended UAM 5
authenticate the user (5) At this stage the shared secret is used to establish the secure connection between theWAS and the device The device sends a RADIUS (Remote Authentication Dial In User Service) accessrequest to the appropriate server (6) receives the response (7) and informs the WAS about authenticationstatus The WAS then informs the client of the authentication result (8) and if authenticated the client isgranted access to the Internet
Portal version 2
Network topology Access Controller (AC) is located in private network and Portal (WAS) is located onremote server but doesnt have direct access or routes back to the AC In that case client during authenticationis redirected back to the AC and initiated authentication On AC suppose to be granted HTTPS or HTTPaccess for client
Any attempt to access the Internet using HTTP(S) (1) is intercepted by AC and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS initiates user redirectiondirectly to AC (5) At this stage user sends his credentials directly to AC (6) AC sends a RADIUS (RemoteAuthentication Dial In User Service) access request to the appropriate server (7) receives the response (8) andinforms the WAS about authentication status The WAS then informs the client of the authentication result (9)and if authenticated the client is granted access to the Internet
UAM
Portal version 1 6
The WAS location URL specified for the welcome page redirect must be included in the whitelist Refer to section WhiteBlack List Configuration of the respective document WILI-SConfiguration Reference Manual for details
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of asecure SSL session between the WAS and the WILI-S based device
UAM Login URLs
UAM login URL can be configured in the WILI configuration file and should point to WAS portal On firstWeb access subscribers browser is redirected to the specified login URL Different parameters can be addedto the URL string to pass them to WAS This includes several special placeholders the WILI automaticallyreplaces with their respectable values The following table summarizes the available placeholders
Placeholder Descriptionnasid Returns the ID assigned to the NAS
wanip nasipReturns the IP address of the NAS interface the authentication request is sentfrom nasip is used as an alias for lanip in new implementation
wanportsslport
Returns the secure port number on the NAS where subscriber login information should besent to for authentication
nasip lanip Returns the IP address of the NAS interface the subscribers computer is connected tonasifc Returns the NAS interface name the subscribers computer is connected toclientip Returns the IP address of the subscribers computerclientmacmac
Returns the MAC address of the subscribers computer
clienturlourl
Returns the original URL requested by the subscriber
clientlanglang
Returns the Web browser language that is set on subscribers computer
Note In new portal implementations only bold placeholders should be used Duplicate placeholders areincluded only for backwards compatibility and in future versions may be removed Parameter nasifc isoptional but it should be sent back to NAS from portal for better performance
Examples
1 General URL
ltURLgtlt|ampgtclientlang=clientlangampnasid=nasidampnasip=nasipampnasifc=nasifcampclientip=clientipampclientmac=clientmacampwanport=wanportampourl=ourl
1 Specific URL with no default parameters overridden
httpsltWAS_IPgtltWAS_PORTgtportalcgisubscriber_key1=subscriber_value1ampsubscriber_key2=subscriber_value2
2 Specific URLs with nasip and wanport default parameters overrid
UAM
Portal version 2 7
httpsltWAS_IPgtportalphpcustomer_key1=customer_value1ampcustomer_key2=customer_value2ampnasip=19216823ampwanport=9000httpsltWAS_IPgtltWAS_PORTgtportalaspuser_ip=customer_value1ampcustomer_key2=customer_value2ampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
3 Specific URL with nasip and wanport default parameters overridden and placeholders used
httpsltWAS_IPgtltWAS_PORTgtportalcgicustomer_key1=clientipampcustomer_key2=ourlampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
There are two network scenarios when default parameters play different roles and should be overwritten insome cases
1 Assume that the WILI device is not behind a masquerading device and that its IP address is 19216822The subject domain name in its SSL certificates is wiliboxdomaincom The Host HTTP header should be setto one of
Host wiliboxdomaincom443 Host 19216822443
2 Assume that the WILI device is behind a masquerading device The masquerading device has the address192168103 and the device has the address 19216822 A NAT mapping is defined on the masqueradingdevice that redirects traffic received on port 443 to 19216822443 The login application on WAS must sendits requests to 192168103 which results in a HTTP Host header that contains one of the following
Host nattingroutercom443 Host 192168103443
When this request is forwarded to the WILI device it will be rejected To solve the problem the loginapplication on WAS must forge the host HTTP header This is easily done by plugging in the values returnedby the nasip and wanport placeholders
Host nasipwanport
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber Ifauthentication is successful the subscribers IP or MAC address is used to grant wirelesswired networkaccess to the subscribers computer The WILI device returns a positive or negative answer for the subscriberlogin along with the relevant URLs that may be needed by the login application on WAS in order to redirectthe subscriber to either a Welcome page or a Login error page located on the WAS This information isreturned as standard plaintext with key-value content The login application on WAS must parse thisinformation to retrieve the response All possible responses are described below
Authentication Results
1 Remote user log-on produces XML output
ltlogongt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltreplymessagegtstringltreplymessagegt ltlogongt
UAM
UAM Login URLs 8
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 User logged onNot checked 100 Logon information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo password 105 No user password suppliedNo IPMAC 106 No user IP andor MAC address suppliedOk 110 User already logged onFailed to authorize 111 Failed to authorize userBad password 112 Bad username orand passwordNetwork failed 113 Network connection failedAccounting error 114 Accounting errorToo many users 115 Too many users connectedUnknown authorization error 120 Unknown authorization error
Responses from RADIUS are served with the following response line
ltreplymessagegtstringltreplymessagegt
If there are multiple RADIUS messages the line will be repeated to output all RADIUS responses Example
ltlogongt ltstatusgtFailed to authorizeltstatusgt lterrorgt111lterrorgt ltdescriptiongtFailed to authorize userltdescriptiongt ltreplymessagegtUser password is expiredltreplymessagegt ltreplymessagegtCan not authenticate user because user is disabledltreplymessagegt ltlogongt
In case RADIUS did not respond with custom messages replymessage tag will not be added to XML output
2 Remote user log-off produces XML output
ltlogoffgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltlogoffgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongt
UAM
Authentication Results 9
Ok 0 User logged offNot checked 100 Logoff information not checkedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address suppliedNo user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address and username not foundNo user by IP and MAC 123 User with supplied IP MAC addresses and username not foundFailed to logoff 131 Failed to logoff userCannot resolve IP 132 Cannot resolve user IPUnknown logoff error 140 Unknown logoff error
3 Remote user status produces XML output
ltppstatusgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltentry id=1gtstringltentrygt ltentry id=2gtstringltentrygt ltentry id=3gtstringltentrygt ltentry id=4gtstringltentrygt ltentry id=5gtstringltentrygt ltentry id=6gtstringltentrygt ltentry id=7gtstringltentrygt ltentry id=8gtstringltentrygt ltentry id=9gtstringltentrygt ltentry id=10gtstringltentrygt ltentry id=11gtstringltentrygt ltentry id=12gtstringltentrygt ltentry id=13gtstringltentrygt ltentry id=14gtstringltentrygt ltentry id=15gtstringltentrygt ltentry id=16gtstringltentrygt ltppstatusgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 Got user statusNot checked 100 Status information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address supplied
UAM
Authentication Results 10
No user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address not foundNo user by IP and MAC 123 User with supplied IP and MAC addresses not foundNo user by IP and username 141 User with supplied IP address and username not found
Provided detailed information by ID
ltidgt ltdecriptiongt1 User name2 User IP address3 User MAC address4 Session time5 Session ID6 User idle time7 Output bytes8 Input bytes9 User domain10 Remaining bytes11 Remaining output bytes12 Remaining input bytes13 Bandwidth upstream14 Bandwidth downstream15 Remaining session time16 Remaining total bytes
When there were no errors and user statistics was received successfully the following XML output will beproduced
ltppstatusgt ltstatusgtOkltstatusgt lterrorgt0lterrorgt ltdescriptiongtGot user statusltdescriptiongt ltentry id=1gtg17ltentrygt ltentry id=2gt1921682117ltentrygt ltentry id=3gt200347C92B63ltentrygt ltentry id=4gt000005ltentrygt ltentry id=5gt3E64C7967A36ltentrygt ltentry id=6gt000003ltentrygt ltentry id=7gt0 bytesltentrygt ltentry id=8gt0 bytesltentrygt ltentry id=9gttestlabltentrygt ltentry id=10gtunlimitedltentrygt ltentry id=11gtunlimitedltentrygt ltentry id=12gtunlimitedltentrygt ltentry id=13gt32 Mbpsltentrygt ltentry id=14gt32 Mbpsltentrygt ltentry id=15gt045955ltentrygt ltentry id=16gtunlimitedltentrygt ltppstatusgt
UAM
Authentication Results 11
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
The cgi files can be modified only if PHP knowledge is available Note that modification ofcgi files can affect the web management functionalityThe lib directory is designed to work with internal device functionality and should not bemodified when changing UAM pages
Extended UAM
The external UAM allows an external Web Application Server (WAS) to intercept and take part in the userauthentication process by externally logging-in and logging-out the user as necessary It also provides a meansto query subscribers session information
See the diagram and the description below for an explanation of how the extended UAM process works
Portal version 1
Network topology Access Controller (AC) and Portal (WAS) are in the same subnet Client communicationdirect to the AC isnt allowed
Any attempt to access the Internet using HTTP(S) (1) is intercepted by device and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS instructs the device to
UAM
Extended UAM 5
authenticate the user (5) At this stage the shared secret is used to establish the secure connection between theWAS and the device The device sends a RADIUS (Remote Authentication Dial In User Service) accessrequest to the appropriate server (6) receives the response (7) and informs the WAS about authenticationstatus The WAS then informs the client of the authentication result (8) and if authenticated the client isgranted access to the Internet
Portal version 2
Network topology: the Access Controller (AC) is located in a private network and the Portal (WAS) is located on a remote server that doesn't have direct access or routes back to the AC. In that case the client is redirected back to the AC during authentication and initiates the authentication there. The client is supposed to be granted HTTPS or HTTP access on the AC.
Any attempt to access the Internet using HTTP(S) (1) is intercepted by the AC, and the client's Web browser is redirected to the defined Login URL on the WAS (2 & 3). After direct communication is established between the client and the WAS and the user has entered his/her credentials (4), the WAS initiates user redirection directly to the AC (5). At this stage the user sends his credentials directly to the AC (6). The AC sends a RADIUS (Remote Authentication Dial In User Service) access request to the appropriate server (7), receives the response (8) and informs the WAS about the authentication status. The WAS then informs the client of the authentication result (9) and, if authenticated, the client is granted access to the Internet.
The WAS location URL specified for the welcome page redirect must be included in the white list. Refer to section White/Black List Configuration of the respective document WILI-S Configuration Reference Manual for details.
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work.
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of a secure SSL session between the WAS and the WILI-S based device.
UAM Login URLs
The UAM login URL can be configured in the WILI configuration file and should point to the WAS portal. On first Web access the subscriber's browser is redirected to the specified login URL. Different parameters can be added to the URL string to pass them to the WAS. These include several special placeholders that the WILI automatically replaces with their respective values. The following table summarizes the available placeholders:

    Placeholder         Description
    nasid               Returns the ID assigned to the NAS.
    wanip, nasip        Returns the IP address of the NAS interface the authentication request is sent from. nasip is used as an alias for lanip in new implementation.
    wanport, sslport    Returns the secure port number on the NAS where subscriber login information should be sent to for authentication.
    nasip, lanip        Returns the IP address of the NAS interface the subscriber's computer is connected to.
    nasifc              Returns the NAS interface name the subscriber's computer is connected to.
    clientip            Returns the IP address of the subscriber's computer.
    clientmac, mac      Returns the MAC address of the subscriber's computer.
    clienturl, ourl     Returns the original URL requested by the subscriber.
    clientlang, lang    Returns the Web browser language that is set on the subscriber's computer.

Note: In new portal implementations only bold placeholders should be used. Duplicate placeholders are included only for backwards compatibility and may be removed in future versions. Parameter nasifc is optional, but it should be sent back to the NAS from the portal for better performance.
Examples
General URL:

    <URL><?|&>clientlang=clientlang&nasid=nasid&nasip=nasip&nasifc=nasifc&clientip=clientip&clientmac=clientmac&wanport=wanport&ourl=ourl

1. Specific URL with no default parameters overridden:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?subscriber_key1=subscriber_value1&subscriber_key2=subscriber_value2

2. Specific URLs with nasip and wanport default parameters overridden:

    https://<WAS_IP>/portal.php?customer_key1=customer_value1&customer_key2=customer_value2&nasip=192.168.2.3&wanport=9000
    https://<WAS_IP>:<WAS_PORT>/portal.asp?user_ip=customer_value1&customer_key2=customer_value2&nasip=<override nasip by value>&wanport=<override wanport by value>

3. Specific URL with nasip and wanport default parameters overridden and placeholders used:

    https://<WAS_IP>:<WAS_PORT>/portal.cgi?customer_key1=clientip&customer_key2=ourl&nasip=<override nasip by value>&wanport=<override wanport by value>
There are two network scenarios in which the default parameters play different roles and should be overwritten in some cases:

1. Assume that the WILI device is not behind a masquerading device and that its IP address is 192.168.2.2. The subject domain name in its SSL certificates is wilibox.domain.com. The Host HTTP header should be set to one of:

    Host: wilibox.domain.com:443
    Host: 192.168.2.2:443

2. Assume that the WILI device is behind a masquerading device. The masquerading device has the address 192.168.10.3 and the device has the address 192.168.2.2. A NAT mapping is defined on the masquerading device that redirects traffic received on port 443 to 192.168.2.2:443. The login application on WAS must send its requests to 192.168.10.3, which results in an HTTP Host header that contains one of the following:

    Host: natting.router.com:443
    Host: 192.168.10.3:443

When this request is forwarded to the WILI device it will be rejected. To solve the problem the login application on WAS must forge the Host HTTP header. This is easily done by plugging in the values returned by the nasip and wanport placeholders:

    Host: nasip:wanport
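The two scenarios above, as an added Python example (not part of the WILI sample portal code): the portal works out where to connect and which Host header to send from nasip and wanport. Those values reach the WAS through the subscriber's browser, so the code validates them before use; KNOWN_NAS, NAT_MAP and plan_ac_request are hypothetical names, and the addresses are the ones used in the two scenarios.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Hypothetical portal configuration (not from the WILI documentation):
# the NAS addresses this portal serves and, for a NAS behind a masquerading
# device, the address and port the WAS has to connect to instead.
KNOWN_NAS = {"192.168.2.2"}
NAT_MAP = {"192.168.2.2": ("192.168.10.3", 443)}


def _single(params, name):
    """Return the only value of a query parameter; reject missing or repeated ones."""
    values = params.get(name, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {name!r} parameter")
    return values[0]


def plan_ac_request(query_string, known_nas=KNOWN_NAS, nat_map=None):
    """Validate nasip/wanport from the login URL query string.

    Returns ((connect_host, connect_port), host_header) for the WAS -> AC request.
    Raises ValueError when a parameter is missing, repeated or not acceptable.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    nasip_raw = _single(params, "nasip")
    port_raw = _single(params, "wanport")

    # ip_address() accepts only a bare IP literal, so CR/LF or extra header
    # text smuggled into the parameter is rejected here with ValueError.
    nasip = ipaddress.ip_address(nasip_raw)
    if str(nasip) not in known_nas:
        raise ValueError("nasip is not a NAS this portal serves")

    if not re.fullmatch(r"[0-9]{1,5}", port_raw):
        raise ValueError("wanport is not a decimal port number")
    port = int(port_raw)
    if not 1 <= port <= 65535:
        raise ValueError("wanport is out of range")

    # The Host header always names the NAS itself (nasip:wanport).
    literal = f"[{nasip}]" if nasip.version == 6 else str(nasip)
    host_header = f"{literal}:{port}"

    # Scenario 1: connect straight to the NAS. Scenario 2: connect to the
    # masquerading device while keeping the NAS in the Host header.
    connect_to = (nat_map or {}).get(str(nasip), (str(nasip), port))
    return connect_to, host_header
```
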
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber. If authentication is successful, the subscriber's IP or MAC address is used to grant wireless/wired network access to the subscriber's computer. The WILI device returns a positive or negative answer for the subscriber login along with the relevant URLs that may be needed by the login application on WAS in order to redirect the subscriber to either a Welcome page or a Login error page located on the WAS. This information is returned as standard plaintext with key-value content. The login application on WAS must parse this information to retrieve the response. All possible responses are described below.
Authentication Results
1. Remote user log-on produces XML output:

    <logon>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <replymessage>string</replymessage>
    </logon>

Response statuses and error codes:

    <status>                      <error>  <description>
    Ok                            0        User logged on
    Not checked                   100      Logon information not checked
    No IP                         101      No user IP address supplied
    No username                   102      No username supplied
    Disabled                      103      Remote authentication is disabled
    Bad secret                    104      Bad shared secret supplied
    No password                   105      No user password supplied
    No IP/MAC                     106      No user IP and/or MAC address supplied
    Ok                            110      User already logged on
    Failed to authorize           111      Failed to authorize user
    Bad password                  112      Bad username or/and password
    Network failed                113      Network connection failed
    Accounting error              114      Accounting error
    Too many users                115      Too many users connected
    Unknown authorization error   120      Unknown authorization error

Responses from RADIUS are served with the following response line:

    <replymessage>string</replymessage>

If there are multiple RADIUS messages, the line will be repeated to output all RADIUS responses. Example:

    <logon>
      <status>Failed to authorize</status>
      <error>111</error>
      <description>Failed to authorize user</description>
      <replymessage>User password is expired</replymessage>
      <replymessage>Can not authenticate user because user is disabled</replymessage>
    </logon>

If RADIUS did not respond with custom messages, the replymessage tag will not be added to the XML output.
2. Remote user log-off produces XML output:

    <logoff>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
    </logoff>

Response statuses and error codes:

    <status>                <error>  <description>
    Ok                      0        User logged off
    Not checked             100      Logoff information not checked
    No username             102      No username supplied
    Disabled                103      Remote authentication is disabled
    Bad secret              104      Bad shared secret supplied
    No IP/MAC               106      No user IP and/or MAC address supplied
    No user by MAC          121      User with supplied MAC not found
    No user by IP           122      User with supplied IP address and username not found
    No user by IP and MAC   123      User with supplied IP, MAC addresses and username not found
    Failed to logoff        131      Failed to logoff user
    Cannot resolve IP       132      Cannot resolve user IP
    Unknown logoff error    140      Unknown logoff error
3. Remote user status produces XML output:

    <ppstatus>
      <status>string</status>
      <error>numeric</error>
      <description>string</description>
      <entry id="1">string</entry>
      <entry id="2">string</entry>
      <entry id="3">string</entry>
      <entry id="4">string</entry>
      <entry id="5">string</entry>
      <entry id="6">string</entry>
      <entry id="7">string</entry>
      <entry id="8">string</entry>
      <entry id="9">string</entry>
      <entry id="10">string</entry>
      <entry id="11">string</entry>
      <entry id="12">string</entry>
      <entry id="13">string</entry>
      <entry id="14">string</entry>
      <entry id="15">string</entry>
      <entry id="16">string</entry>
    </ppstatus>

Response statuses and error codes:

    <status>                     <error>  <description>
    Ok                           0        Got user status
    Not checked                  100      Status information not checked
    No IP                        101      No user IP address supplied
    No username                  102      No username supplied
    Disabled                     103      Remote authentication is disabled
    Bad secret                   104      Bad shared secret supplied
    No IP/MAC                    106      No user IP and/or MAC address supplied
    No user by MAC               121      User with supplied MAC not found
    No user by IP                122      User with supplied IP address not found
    No user by IP and MAC        123      User with supplied IP and MAC addresses not found
    No user by IP and username   141      User with supplied IP address and username not found

Detailed information provided by ID:

    <id>  <description>
    1     User name
    2     User IP address
    3     User MAC address
    4     Session time
    5     Session ID
    6     User idle time
    7     Output bytes
    8     Input bytes
    9     User domain
    10    Remaining bytes
    11    Remaining output bytes
    12    Remaining input bytes
    13    Bandwidth upstream
    14    Bandwidth downstream
    15    Remaining session time
    16    Remaining total bytes

When there were no errors and the user statistics were received successfully, the following XML output will be produced:

    <ppstatus>
      <status>Ok</status>
      <error>0</error>
      <description>Got user status</description>
      <entry id="1">g17</entry>
      <entry id="2">1921682117</entry>
      <entry id="3">200347C92B63</entry>
      <entry id="4">000005</entry>
      <entry id="5">3E64C7967A36</entry>
      <entry id="6">000003</entry>
      <entry id="7">0 bytes</entry>
      <entry id="8">0 bytes</entry>
      <entry id="9">testlab</entry>
      <entry id="10">unlimited</entry>
      <entry id="11">unlimited</entry>
      <entry id="12">unlimited</entry>
      <entry id="13">32 Mbps</entry>
      <entry id="14">32 Mbps</entry>
      <entry id="15">045955</entry>
      <entry id="16">unlimited</entry>
    </ppstatus>
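One way for the login application on the WAS to parse the three responses described above, as an added Python example (not the WILI sample portal code). The function, class and field names are hypothetical; the logon sample is the page's failed-authorization example and the status sample is constructed.

```python
import re
import xml.etree.ElementTree as ET

# <entry id="N"> meanings in <ppstatus>, from the "detailed information by ID" table.
STATUS_FIELDS = {
    1: "user_name", 2: "user_ip", 3: "user_mac", 4: "session_time",
    5: "session_id", 6: "idle_time", 7: "output_bytes", 8: "input_bytes",
    9: "user_domain", 10: "remaining_bytes", 11: "remaining_output_bytes",
    12: "remaining_input_bytes", 13: "bandwidth_upstream",
    14: "bandwidth_downstream", 15: "remaining_session_time",
    16: "remaining_total_bytes",
}

# Error codes the tables list with status "Ok", per response type.
SUCCESS_CODES = {"logon": {0, 110}, "logoff": {0}, "ppstatus": {0}}

MAX_RESPONSE_CHARS = 16384  # assumed upper bound for a response


class UamResponseError(ValueError):
    """The AC response is malformed or is not the expected document."""


def parse_uam_response(text, expected_root):
    """Parse a <logon>, <logoff> or <ppstatus> response and fail closed."""
    if expected_root not in SUCCESS_CODES:
        raise ValueError(f"unknown response type {expected_root!r}")
    if len(text) > MAX_RESPONSE_CHARS:
        raise UamResponseError("response too large")
    # The documented responses carry no DTD; refusing one avoids entity expansion.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.IGNORECASE):
        raise UamResponseError("DTD or entity declaration in response")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise UamResponseError(f"not well-formed XML: {exc}") from exc
    if root.tag != expected_root:
        raise UamResponseError(f"expected <{expected_root}>, got <{root.tag}>")

    # A missing or non-numeric <error> is never treated as success.
    error_text = (root.findtext("error") or "").strip()
    if not re.fullmatch(r"[0-9]{1,3}", error_text):
        raise UamResponseError("missing or non-numeric <error>")
    code = int(error_text)

    session = {}
    for entry in root.findall("entry"):
        entry_id = entry.get("id", "")
        if re.fullmatch(r"[0-9]{1,2}", entry_id) and int(entry_id) in STATUS_FIELDS:
            session[STATUS_FIELDS[int(entry_id)]] = (entry.text or "").strip()

    return {
        "ok": code in SUCCESS_CODES[expected_root],
        "error": code,
        "status": (root.findtext("status") or "").strip(),
        "description": (root.findtext("description") or "").strip(),
        # <replymessage> is repeated once per RADIUS message and may be absent.
        "reply_messages": [(m.text or "").strip() for m in root.findall("replymessage")],
        "session": session,
    }


# The page's failed-authorization example.
SAMPLE_LOGON_FAILED = """<logon>
  <status>Failed to authorize</status>
  <error>111</error>
  <description>Failed to authorize user</description>
  <replymessage>User password is expired</replymessage>
  <replymessage>Can not authenticate user because user is disabled</replymessage>
</logon>"""

# Constructed status response (values are made up for this example).
SAMPLE_STATUS = """<ppstatus>
  <status>Ok</status><error>0</error><description>Got user status</description>
  <entry id="1">alice</entry>
  <entry id="2">192.0.2.17</entry>
  <entry id="4">00:00:05</entry>
  <entry id="15">04:59:55</entry>
  <entry id="99">ignored</entry>
</ppstatus>"""
```
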
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
authenticate the user (5) At this stage the shared secret is used to establish the secure connection between theWAS and the device The device sends a RADIUS (Remote Authentication Dial In User Service) accessrequest to the appropriate server (6) receives the response (7) and informs the WAS about authenticationstatus The WAS then informs the client of the authentication result (8) and if authenticated the client isgranted access to the Internet
Portal version 2
Network topology Access Controller (AC) is located in private network and Portal (WAS) is located onremote server but doesnt have direct access or routes back to the AC In that case client during authenticationis redirected back to the AC and initiated authentication On AC suppose to be granted HTTPS or HTTPaccess for client
Any attempt to access the Internet using HTTP(S) (1) is intercepted by AC and clients Web browser isredirected to the defined Login URL on the WAS (2 amp 3) After direct communication is established betweenthe client and the WAS and the user has entered hisher credentials (4) the WAS initiates user redirectiondirectly to AC (5) At this stage user sends his credentials directly to AC (6) AC sends a RADIUS (RemoteAuthentication Dial In User Service) access request to the appropriate server (7) receives the response (8) andinforms the WAS about authentication status The WAS then informs the client of the authentication result (9)and if authenticated the client is granted access to the Internet
UAM
Portal version 1 6
The WAS location URL specified for the welcome page redirect must be included in the whitelist Refer to section WhiteBlack List Configuration of the respective document WILI-SConfiguration Reference Manual for details
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of asecure SSL session between the WAS and the WILI-S based device
UAM Login URLs
UAM login URL can be configured in the WILI configuration file and should point to WAS portal On firstWeb access subscribers browser is redirected to the specified login URL Different parameters can be addedto the URL string to pass them to WAS This includes several special placeholders the WILI automaticallyreplaces with their respectable values The following table summarizes the available placeholders
Placeholder Descriptionnasid Returns the ID assigned to the NAS
wanip nasipReturns the IP address of the NAS interface the authentication request is sentfrom nasip is used as an alias for lanip in new implementation
wanportsslport
Returns the secure port number on the NAS where subscriber login information should besent to for authentication
nasip lanip Returns the IP address of the NAS interface the subscribers computer is connected tonasifc Returns the NAS interface name the subscribers computer is connected toclientip Returns the IP address of the subscribers computerclientmacmac
Returns the MAC address of the subscribers computer
clienturlourl
Returns the original URL requested by the subscriber
clientlanglang
Returns the Web browser language that is set on subscribers computer
Note In new portal implementations only bold placeholders should be used Duplicate placeholders areincluded only for backwards compatibility and in future versions may be removed Parameter nasifc isoptional but it should be sent back to NAS from portal for better performance
Examples
1 General URL
ltURLgtlt|ampgtclientlang=clientlangampnasid=nasidampnasip=nasipampnasifc=nasifcampclientip=clientipampclientmac=clientmacampwanport=wanportampourl=ourl
1 Specific URL with no default parameters overridden
httpsltWAS_IPgtltWAS_PORTgtportalcgisubscriber_key1=subscriber_value1ampsubscriber_key2=subscriber_value2
2 Specific URLs with nasip and wanport default parameters overrid
UAM
Portal version 2 7
httpsltWAS_IPgtportalphpcustomer_key1=customer_value1ampcustomer_key2=customer_value2ampnasip=19216823ampwanport=9000httpsltWAS_IPgtltWAS_PORTgtportalaspuser_ip=customer_value1ampcustomer_key2=customer_value2ampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
3 Specific URL with nasip and wanport default parameters overridden and placeholders used
httpsltWAS_IPgtltWAS_PORTgtportalcgicustomer_key1=clientipampcustomer_key2=ourlampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
There are two network scenarios when default parameters play different roles and should be overwritten insome cases
1 Assume that the WILI device is not behind a masquerading device and that its IP address is 19216822The subject domain name in its SSL certificates is wiliboxdomaincom The Host HTTP header should be setto one of
Host wiliboxdomaincom443 Host 19216822443
2 Assume that the WILI device is behind a masquerading device The masquerading device has the address192168103 and the device has the address 19216822 A NAT mapping is defined on the masqueradingdevice that redirects traffic received on port 443 to 19216822443 The login application on WAS must sendits requests to 192168103 which results in a HTTP Host header that contains one of the following
Host nattingroutercom443 Host 192168103443
When this request is forwarded to the WILI device it will be rejected To solve the problem the loginapplication on WAS must forge the host HTTP header This is easily done by plugging in the values returnedby the nasip and wanport placeholders
Host nasipwanport
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber Ifauthentication is successful the subscribers IP or MAC address is used to grant wirelesswired networkaccess to the subscribers computer The WILI device returns a positive or negative answer for the subscriberlogin along with the relevant URLs that may be needed by the login application on WAS in order to redirectthe subscriber to either a Welcome page or a Login error page located on the WAS This information isreturned as standard plaintext with key-value content The login application on WAS must parse thisinformation to retrieve the response All possible responses are described below
Authentication Results
1 Remote user log-on produces XML output
ltlogongt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltreplymessagegtstringltreplymessagegt ltlogongt
UAM
UAM Login URLs 8
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 User logged onNot checked 100 Logon information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo password 105 No user password suppliedNo IPMAC 106 No user IP andor MAC address suppliedOk 110 User already logged onFailed to authorize 111 Failed to authorize userBad password 112 Bad username orand passwordNetwork failed 113 Network connection failedAccounting error 114 Accounting errorToo many users 115 Too many users connectedUnknown authorization error 120 Unknown authorization error
Responses from RADIUS are served with the following response line
ltreplymessagegtstringltreplymessagegt
If there are multiple RADIUS messages the line will be repeated to output all RADIUS responses Example
ltlogongt ltstatusgtFailed to authorizeltstatusgt lterrorgt111lterrorgt ltdescriptiongtFailed to authorize userltdescriptiongt ltreplymessagegtUser password is expiredltreplymessagegt ltreplymessagegtCan not authenticate user because user is disabledltreplymessagegt ltlogongt
In case RADIUS did not respond with custom messages replymessage tag will not be added to XML output
2 Remote user log-off produces XML output
ltlogoffgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltlogoffgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongt
UAM
Authentication Results 9
Ok 0 User logged offNot checked 100 Logoff information not checkedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address suppliedNo user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address and username not foundNo user by IP and MAC 123 User with supplied IP MAC addresses and username not foundFailed to logoff 131 Failed to logoff userCannot resolve IP 132 Cannot resolve user IPUnknown logoff error 140 Unknown logoff error
3 Remote user status produces XML output
ltppstatusgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltentry id=1gtstringltentrygt ltentry id=2gtstringltentrygt ltentry id=3gtstringltentrygt ltentry id=4gtstringltentrygt ltentry id=5gtstringltentrygt ltentry id=6gtstringltentrygt ltentry id=7gtstringltentrygt ltentry id=8gtstringltentrygt ltentry id=9gtstringltentrygt ltentry id=10gtstringltentrygt ltentry id=11gtstringltentrygt ltentry id=12gtstringltentrygt ltentry id=13gtstringltentrygt ltentry id=14gtstringltentrygt ltentry id=15gtstringltentrygt ltentry id=16gtstringltentrygt ltppstatusgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 Got user statusNot checked 100 Status information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address supplied
UAM
Authentication Results 10
No user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address not foundNo user by IP and MAC 123 User with supplied IP and MAC addresses not foundNo user by IP and username 141 User with supplied IP address and username not found
Provided detailed information by ID
ltidgt ltdecriptiongt1 User name2 User IP address3 User MAC address4 Session time5 Session ID6 User idle time7 Output bytes8 Input bytes9 User domain10 Remaining bytes11 Remaining output bytes12 Remaining input bytes13 Bandwidth upstream14 Bandwidth downstream15 Remaining session time16 Remaining total bytes
When there were no errors and user statistics was received successfully the following XML output will beproduced
ltppstatusgt ltstatusgtOkltstatusgt lterrorgt0lterrorgt ltdescriptiongtGot user statusltdescriptiongt ltentry id=1gtg17ltentrygt ltentry id=2gt1921682117ltentrygt ltentry id=3gt200347C92B63ltentrygt ltentry id=4gt000005ltentrygt ltentry id=5gt3E64C7967A36ltentrygt ltentry id=6gt000003ltentrygt ltentry id=7gt0 bytesltentrygt ltentry id=8gt0 bytesltentrygt ltentry id=9gttestlabltentrygt ltentry id=10gtunlimitedltentrygt ltentry id=11gtunlimitedltentrygt ltentry id=12gtunlimitedltentrygt ltentry id=13gt32 Mbpsltentrygt ltentry id=14gt32 Mbpsltentrygt ltentry id=15gt045955ltentrygt ltentry id=16gtunlimitedltentrygt ltppstatusgt
UAM
Authentication Results 11
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
The WAS location URL specified for the welcome page redirect must be included in the whitelist Refer to section WhiteBlack List Configuration of the respective document WILI-SConfiguration Reference Manual for details
Remote authentication must be enabled and the shared secret must be configured for extended UAM to work
Shared secrets must be the same on the WAS server and the WILI device to allow the opening of asecure SSL session between the WAS and the WILI-S based device
UAM Login URLs
UAM login URL can be configured in the WILI configuration file and should point to WAS portal On firstWeb access subscribers browser is redirected to the specified login URL Different parameters can be addedto the URL string to pass them to WAS This includes several special placeholders the WILI automaticallyreplaces with their respectable values The following table summarizes the available placeholders
Placeholder Descriptionnasid Returns the ID assigned to the NAS
wanip nasipReturns the IP address of the NAS interface the authentication request is sentfrom nasip is used as an alias for lanip in new implementation
wanportsslport
Returns the secure port number on the NAS where subscriber login information should besent to for authentication
nasip lanip Returns the IP address of the NAS interface the subscribers computer is connected tonasifc Returns the NAS interface name the subscribers computer is connected toclientip Returns the IP address of the subscribers computerclientmacmac
Returns the MAC address of the subscribers computer
clienturlourl
Returns the original URL requested by the subscriber
clientlanglang
Returns the Web browser language that is set on subscribers computer
Note In new portal implementations only bold placeholders should be used Duplicate placeholders areincluded only for backwards compatibility and in future versions may be removed Parameter nasifc isoptional but it should be sent back to NAS from portal for better performance
Examples
1 General URL
ltURLgtlt|ampgtclientlang=clientlangampnasid=nasidampnasip=nasipampnasifc=nasifcampclientip=clientipampclientmac=clientmacampwanport=wanportampourl=ourl
1 Specific URL with no default parameters overridden
httpsltWAS_IPgtltWAS_PORTgtportalcgisubscriber_key1=subscriber_value1ampsubscriber_key2=subscriber_value2
2 Specific URLs with nasip and wanport default parameters overrid
UAM
Portal version 2 7
httpsltWAS_IPgtportalphpcustomer_key1=customer_value1ampcustomer_key2=customer_value2ampnasip=19216823ampwanport=9000httpsltWAS_IPgtltWAS_PORTgtportalaspuser_ip=customer_value1ampcustomer_key2=customer_value2ampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
3 Specific URL with nasip and wanport default parameters overridden and placeholders used
httpsltWAS_IPgtltWAS_PORTgtportalcgicustomer_key1=clientipampcustomer_key2=ourlampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
There are two network scenarios when default parameters play different roles and should be overwritten insome cases
1 Assume that the WILI device is not behind a masquerading device and that its IP address is 19216822The subject domain name in its SSL certificates is wiliboxdomaincom The Host HTTP header should be setto one of
Host wiliboxdomaincom443 Host 19216822443
2 Assume that the WILI device is behind a masquerading device The masquerading device has the address192168103 and the device has the address 19216822 A NAT mapping is defined on the masqueradingdevice that redirects traffic received on port 443 to 19216822443 The login application on WAS must sendits requests to 192168103 which results in a HTTP Host header that contains one of the following
Host nattingroutercom443 Host 192168103443
When this request is forwarded to the WILI device it will be rejected To solve the problem the loginapplication on WAS must forge the host HTTP header This is easily done by plugging in the values returnedby the nasip and wanport placeholders
Host nasipwanport
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber Ifauthentication is successful the subscribers IP or MAC address is used to grant wirelesswired networkaccess to the subscribers computer The WILI device returns a positive or negative answer for the subscriberlogin along with the relevant URLs that may be needed by the login application on WAS in order to redirectthe subscriber to either a Welcome page or a Login error page located on the WAS This information isreturned as standard plaintext with key-value content The login application on WAS must parse thisinformation to retrieve the response All possible responses are described below
Authentication Results
1 Remote user log-on produces XML output
ltlogongt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltreplymessagegtstringltreplymessagegt ltlogongt
UAM
UAM Login URLs 8
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 User logged onNot checked 100 Logon information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo password 105 No user password suppliedNo IPMAC 106 No user IP andor MAC address suppliedOk 110 User already logged onFailed to authorize 111 Failed to authorize userBad password 112 Bad username orand passwordNetwork failed 113 Network connection failedAccounting error 114 Accounting errorToo many users 115 Too many users connectedUnknown authorization error 120 Unknown authorization error
Responses from RADIUS are served with the following response line
ltreplymessagegtstringltreplymessagegt
If there are multiple RADIUS messages the line will be repeated to output all RADIUS responses Example
ltlogongt ltstatusgtFailed to authorizeltstatusgt lterrorgt111lterrorgt ltdescriptiongtFailed to authorize userltdescriptiongt ltreplymessagegtUser password is expiredltreplymessagegt ltreplymessagegtCan not authenticate user because user is disabledltreplymessagegt ltlogongt
In case RADIUS did not respond with custom messages replymessage tag will not be added to XML output
2 Remote user log-off produces XML output
ltlogoffgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltlogoffgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongt
UAM
Authentication Results 9
Ok 0 User logged offNot checked 100 Logoff information not checkedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address suppliedNo user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address and username not foundNo user by IP and MAC 123 User with supplied IP MAC addresses and username not foundFailed to logoff 131 Failed to logoff userCannot resolve IP 132 Cannot resolve user IPUnknown logoff error 140 Unknown logoff error
3 Remote user status produces XML output
ltppstatusgt ltstatusgtstringltstatusgt lterrorgtnumericlterrorgt ltdescriptiongtstringltdescriptiongt ltentry id=1gtstringltentrygt ltentry id=2gtstringltentrygt ltentry id=3gtstringltentrygt ltentry id=4gtstringltentrygt ltentry id=5gtstringltentrygt ltentry id=6gtstringltentrygt ltentry id=7gtstringltentrygt ltentry id=8gtstringltentrygt ltentry id=9gtstringltentrygt ltentry id=10gtstringltentrygt ltentry id=11gtstringltentrygt ltentry id=12gtstringltentrygt ltentry id=13gtstringltentrygt ltentry id=14gtstringltentrygt ltentry id=15gtstringltentrygt ltentry id=16gtstringltentrygt ltppstatusgt
Response statuses and error codes
ltstatusgt lterrorgt ltdescriptiongtOk 0 Got user statusNot checked 100 Status information not checkedNo IP 101 No user IP address suppliedNo username 102 No username suppliedDisabled 103 Remote authentication is disabledBad secret 104 Bad shared secret suppliedNo IPMAC 106 No user IP andor MAC address supplied
UAM
Authentication Results 10
No user by MAC 121 User with supplied MAC not foundNo user by IP 122 User with supplied IP address not foundNo user by IP and MAC 123 User with supplied IP and MAC addresses not foundNo user by IP and username 141 User with supplied IP address and username not found
Provided detailed information by ID
ltidgt ltdecriptiongt1 User name2 User IP address3 User MAC address4 Session time5 Session ID6 User idle time7 Output bytes8 Input bytes9 User domain10 Remaining bytes11 Remaining output bytes12 Remaining input bytes13 Bandwidth upstream14 Bandwidth downstream15 Remaining session time16 Remaining total bytes
When there were no errors and user statistics was received successfully the following XML output will beproduced
ltppstatusgt ltstatusgtOkltstatusgt lterrorgt0lterrorgt ltdescriptiongtGot user statusltdescriptiongt ltentry id=1gtg17ltentrygt ltentry id=2gt1921682117ltentrygt ltentry id=3gt200347C92B63ltentrygt ltentry id=4gt000005ltentrygt ltentry id=5gt3E64C7967A36ltentrygt ltentry id=6gt000003ltentrygt ltentry id=7gt0 bytesltentrygt ltentry id=8gt0 bytesltentrygt ltentry id=9gttestlabltentrygt ltentry id=10gtunlimitedltentrygt ltentry id=11gtunlimitedltentrygt ltentry id=12gtunlimitedltentrygt ltentry id=13gt32 Mbpsltentrygt ltentry id=14gt32 Mbpsltentrygt ltentry id=15gt045955ltentrygt ltentry id=16gtunlimitedltentrygt ltppstatusgt
UAM
Authentication Results 11
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)
UAM
External UAM portal sample source code 12
- UAM
-
httpsltWAS_IPgtportalphpcustomer_key1=customer_value1ampcustomer_key2=customer_value2ampnasip=19216823ampwanport=9000httpsltWAS_IPgtltWAS_PORTgtportalaspuser_ip=customer_value1ampcustomer_key2=customer_value2ampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
3 Specific URL with nasip and wanport default parameters overridden and placeholders used
httpsltWAS_IPgtltWAS_PORTgtportalcgicustomer_key1=clientipampcustomer_key2=ourlampnasip=ltoverid nasip by valuegtampwanport=ltoverid wanport by valuegt
There are two network scenarios when default parameters play different roles and should be overwritten in some cases.
1. Assume that the WILI device is not behind a masquerading device and that its IP address is 192.168.2.2. The subject domain name in its SSL certificates is wiliboxdomaincom. The Host HTTP header should be set to one of:
Host: wiliboxdomaincom:443
Host: 192.168.2.2:443
2. Assume that the WILI device is behind a masquerading device. The masquerading device has the address 192.168.10.3 and the device has the address 192.168.2.2. A NAT mapping is defined on the masquerading device that redirects traffic received on port 443 to 192.168.2.2:443. The login application on WAS must send its requests to 192.168.10.3, which results in an HTTP Host header that contains one of the following:
Host: nattingroutercom:443
Host: 192.168.10.3:443
When this request is forwarded to the WILI device, it will be rejected. To solve the problem, the login application on WAS must forge the Host HTTP header. This is easily done by plugging in the values returned by the nasip and wanport placeholders:
Host: nasip:wanport
The WILI device sends the username and password to the RADIUS server to authenticate the subscriber. If authentication is successful, the subscriber's IP or MAC address is used to grant wireless/wired network access to the subscriber's computer. The WILI device returns a positive or negative answer for the subscriber login, along with the relevant URLs that may be needed by the login application on WAS in order to redirect the subscriber to either a Welcome page or a Login error page located on the WAS. This information is returned as standard plaintext with key-value content. The login application on WAS must parse this information to retrieve the response. All possible responses are described below.
Authentication Results
1. Remote user log-on produces XML output:
<logon>
  <status>string</status>
  <error>numeric</error>
  <description>string</description>
  <replymessage>string</replymessage>
</logon>
Response statuses and error codes:
<status>                      <error>  <description>
Ok                            0        User logged on
Not checked                   100      Logon information not checked
No IP                         101      No user IP address supplied
No username                   102      No username supplied
Disabled                      103      Remote authentication is disabled
Bad secret                    104      Bad shared secret supplied
No password                   105      No user password supplied
No IP/MAC                     106      No user IP and/or MAC address supplied
Ok                            110      User already logged on
Failed to authorize           111      Failed to authorize user
Bad password                  112      Bad username or/and password
Network failed                113      Network connection failed
Accounting error              114      Accounting error
Too many users                115      Too many users connected
Unknown authorization error   120      Unknown authorization error
Responses from RADIUS are served with the following response line:
<replymessage>string</replymessage>
If there are multiple RADIUS messages, the line is repeated to output all RADIUS responses. Example:
<logon>
  <status>Failed to authorize</status>
  <error>111</error>
  <description>Failed to authorize user</description>
  <replymessage>User password is expired</replymessage>
  <replymessage>Can not authenticate user because user is disabled</replymessage>
</logon>
If RADIUS did not respond with custom messages, the replymessage tag is not added to the XML output.
2. Remote user log-off produces XML output:
<logoff>
  <status>string</status>
  <error>numeric</error>
  <description>string</description>
</logoff>
Response statuses and error codes:
<status>                <error>  <description>
Ok                      0        User logged off
Not checked             100      Logoff information not checked
No username             102      No username supplied
Disabled                103      Remote authentication is disabled
Bad secret              104      Bad shared secret supplied
No IP/MAC               106      No user IP and/or MAC address supplied
No user by MAC          121      User with supplied MAC not found
No user by IP           122      User with supplied IP address and username not found
No user by IP and MAC   123      User with supplied IP, MAC addresses and username not found
Failed to logoff        131      Failed to logoff user
Cannot resolve IP       132      Cannot resolve user IP
Unknown logoff error    140      Unknown logoff error
3. Remote user status produces XML output:
<ppstatus>
  <status>string</status>
  <error>numeric</error>
  <description>string</description>
  <entry id="1">string</entry>
  <entry id="2">string</entry>
  <entry id="3">string</entry>
  <entry id="4">string</entry>
  <entry id="5">string</entry>
  <entry id="6">string</entry>
  <entry id="7">string</entry>
  <entry id="8">string</entry>
  <entry id="9">string</entry>
  <entry id="10">string</entry>
  <entry id="11">string</entry>
  <entry id="12">string</entry>
  <entry id="13">string</entry>
  <entry id="14">string</entry>
  <entry id="15">string</entry>
  <entry id="16">string</entry>
</ppstatus>
Response statuses and error codes:
<status>                     <error>  <description>
Ok                           0        Got user status
Not checked                  100      Status information not checked
No IP                        101      No user IP address supplied
No username                  102      No username supplied
Disabled                     103      Remote authentication is disabled
Bad secret                   104      Bad shared secret supplied
No IP/MAC                    106      No user IP and/or MAC address supplied
No user by MAC               121      User with supplied MAC not found
No user by IP                122      User with supplied IP address not found
No user by IP and MAC        123      User with supplied IP and MAC addresses not found
No user by IP and username   141      User with supplied IP address and username not found
Provided detailed information by ID:
<id>  <description>
1     User name
2     User IP address
3     User MAC address
4     Session time
5     Session ID
6     User idle time
7     Output bytes
8     Input bytes
9     User domain
10    Remaining bytes
11    Remaining output bytes
12    Remaining input bytes
13    Bandwidth upstream
14    Bandwidth downstream
15    Remaining session time
16    Remaining total bytes
When there were no errors and the user statistics were received successfully, the following XML output will be produced:
<ppstatus>
  <status>Ok</status>
  <error>0</error>
  <description>Got user status</description>
  <entry id="1">g17</entry>
  <entry id="2">1921682117</entry>
  <entry id="3">200347C92B63</entry>
  <entry id="4">000005</entry>
  <entry id="5">3E64C7967A36</entry>
  <entry id="6">000003</entry>
  <entry id="7">0 bytes</entry>
  <entry id="8">0 bytes</entry>
  <entry id="9">testlab</entry>
  <entry id="10">unlimited</entry>
  <entry id="11">unlimited</entry>
  <entry id="12">unlimited</entry>
  <entry id="13">32 Mbps</entry>
  <entry id="14">32 Mbps</entry>
  <entry id="15">045955</entry>
  <entry id="16">unlimited</entry>
</ppstatus>
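The following Python code is an added example, not part of the WILI documentation or its sample portal code. It shows how a login application on the WAS could parse the logon, logoff and status documents described above and fail closed on anything unexpected. It assumes the XML tag syntax as it appears in the output above; the names parse_uam_response, UamResponseError, SUCCESS, CONFIG_FAULTS and STATUS_FIELDS are hypothetical.

```python
import xml.etree.ElementTree as ET

# Error codes from the tables above after which the requested state holds.
SUCCESS = {"logon": {0, 110}, "logoff": {0}, "ppstatus": {0}}
# Codes that point at a portal/controller misconfiguration, not a user error.
CONFIG_FAULTS = {103: "remote authentication is disabled", 104: "bad shared secret"}
# <entry id> meanings for <ppstatus> (subset of the 16-row table above).
STATUS_FIELDS = {1: "username", 2: "ip", 3: "mac", 4: "session_time",
                 5: "session_id", 9: "domain", 15: "remaining_session_time"}


class UamResponseError(ValueError):
    """Raised when a controller response cannot be used as-is."""


def parse_uam_response(text, expected_root):
    """Parse a <logon>, <logoff> or <ppstatus> document, failing closed."""
    if expected_root not in SUCCESS:
        raise UamResponseError(f"unsupported document type: {expected_root}")
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise UamResponseError("DTD/entity declarations are not expected")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise UamResponseError(f"malformed XML: {exc}") from exc
    if root.tag != expected_root:
        raise UamResponseError(f"expected <{expected_root}>, got <{root.tag}>")
    try:
        code = int(root.findtext("error", "").strip())
    except ValueError:
        raise UamResponseError("missing or non-numeric <error>") from None
    result = {
        "ok": code in SUCCESS[expected_root],  # unknown codes are never success
        "error": code,
        "status": root.findtext("status", "").strip(),
        "description": root.findtext("description", "").strip(),
        # Zero, one or many RADIUS messages; escape them before showing to users.
        "reply_messages": [m.text or "" for m in root.findall("replymessage")],
        "config_fault": CONFIG_FAULTS.get(code),
    }
    if expected_root == "ppstatus":
        ids = ((e.get("id", ""), e.text or "") for e in root.findall("entry"))
        result["fields"] = {STATUS_FIELDS[int(i)]: v for i, v in ids
                            if i.isdecimal() and int(i) in STATUS_FIELDS}
    return result


# Constructed sample, modelled on the failed-logon example in the text.
SAMPLE_LOGON = """<logon><status>Failed to authorize</status><error>111</error>
<description>Failed to authorize user</description>
<replymessage>User password is expired</replymessage>
<replymessage>Can not authenticate user because user is disabled</replymessage></logon>"""
if __name__ == "__main__":
    print(parse_uam_response(SAMPLE_LOGON, "logon"))
```

Codes 103 and 104 are surfaced separately because they indicate that the portal's own configuration or shared secret is wrong, which is worth alerting on rather than showing to the subscriber.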
External UAM portal sample source code
Download sample portal code version 1
Download sample portal code version 2 (since v523)
Download sample portal code version 3 (since v526)