BW2251 User Guide v1.0
Nov. 2013
Page 167 of 187
Extended UAM
The
Extensions
feature (
User
menu) allows an external Web Application Server (WAS) to
intercept/take part in the user authentication process externally log on and log off the user as
necessary. It provides means to query user session information as well.
See the following schemes to understand how the remote client authentication works.
Scheme 1:
The remote authentication method when client’s authentication request is re-directed to the external
server (WAS):
Client
AC
WAS
RADIUS Server
1. Initial Request
3. Renders HTML
4. Direct client
communication
with WAS
5. Client sends
his/her login and
password
9. WAS reports
client status:
authenticated or
not
2. Fetch XSL
6. WAS tries to
authenticate
client
7. AC sends
request to
RADIUS
8. RADIUS reply
authenticated or
not
Figure 307 – Client Remote Authentication Scheme (1)
The Client initiates (1) authentication process. AC intercepts any access to the Internet via HTTP and
redirects the client to the
welcome
, or
login
URL on AC. In order to render the custom login screen
HTML page, the AC must be configured to (2) fetch .XSL script from a remote server, which in this
case is a Web Application Server (WAS), or have custom .XSL uploaded on the AC. There is the
ability to enable caching of .XSL scripts (see:
User | Pages
), thus avoiding fetching of the same
document every time a client requests authentication.
The AC (3) uses .XSL script to render HTML output, which is done by feeding a XML document to a
parsed and prepared for rendering .XSL script. The latter XML document contains all needed
information for Web Application Server like user name, password (if one was entered), user IP
address, MAC address and NAS-Id. Custom .XSL script must generate initial welcome/login screen
so that it embeds all the needed information in a HTML FORM element as hidden elements and
POST data not back to the AC, but to the Web Application Server (5). Thereafter the client
communicates directly with the Web Application Server.