External authentication procedure (detailed), Xml interface specification – Proxim ORiNOCO AP-2500 User Manual


XML Interface Specification

External Authentication Procedure (Detailed)

Whenever a subscriber tries to access the Internet, it must pass through the AP. The AP tracks all packets flowing
through it by the source MAC address of the packet, which uniquely identifies the wireless card that the subscriber is
using. If the MAC address is already in the AP’s Authorized Subscribers Table, the AP will check the expiration time to
see if the user is able to access the Internet.
If the MAC address is not known, the AP automatically redirects all Web page requests from the subscriber to the
Login page stored on the External Web Server and passes several parameters to identify the subscriber and the AP.
This section defines the format of the URL redirect the AP and External Web Server must support in order to provide a
seamless Web page-based subscription signup process for the new subscriber. When the AP is configured for an
EWS, the EWS is responsible for interacting with accounting or authorizing services.

NOTE

The following procedure is an in-depth look at the communication process between the AP and an EWS when
authenticating a user. It describes the same procedure as External Authentication > Authentication Procedure,
but in greater detail. Examples for each numbered item below can be found in Sample XML Communications with the AP.

1. When a new subscriber opens his/her Web browser, the AP accepts the TCP connection and gets the original Web
Page Request from the subscriber. This URL is stored as the Origin Server (OS). The AP generates a META
Redirect, which causes the subscriber to automatically close the TCP connection with the AP and connect
directly to the EWS (as configured by the administrator in the AP). Also, using the HTML GET method,
the AP displays the subscriber’s information in the URL line (such as the MAC address, etc.).

Example:
http://EWS_IP_ADDR/usg/newuserlogin.asp?UI=000450&UURL=http://AP_IP_ADDR/userok.htm&MA=0010A4B732BB&RN=&OS=http://204.71.200.68&SC=18056

2. The EWS, using the HTTP POST method, sends the USER_ADD command to the AP with the MAC address
(captured from step #1), the User Name/Password (entered by user), Expiration Time (in seconds), Payment
Method, and Payment (payment amount).

3. The AP, now using the HTTP POST method, sends a reply indicating that it has received the command and has
executed it. (The AP adds the new user to the Authorized Subscribers Table.)

NOTE

The AP will send the reply to the original sender and only if that sender is located on the same server that has
been specified as the XML Sender IP Address in the AP's PublicSpace > AAA > Basic screen.

4. The EWS, using the HTTP POST method, sends the CACHE_UPDATE command to the AP with the MAC address
(captured from step #1).

5. The AP, using the HTTP POST method, sends a reply indicating that it has received the command and has
executed it. (The AP updates the user’s State from Pending to Valid in the Current Subscribers Table.)

6. The EWS, using the HTTP POST method, sends the SET_BANDWIDTH_UP command with the Bandwidth-Up parameter.

7. The AP, using the HTTP POST method, sends a reply indicating that it has received the command and has
executed it.

8. The EWS, using the HTTP POST method, sends the SET_BANDWIDTH_DOWN command with the Bandwidth-Down
parameter.

9. The AP, using the HTTP POST method, sends a reply indicating that it has received the command and has
executed it.

Definition of parsed parameters the AP sends over the URL line (GET method):

UI: The globally unique ID of the AP. The maximum length is 6 characters. It is actually the last 6 characters of the
AP’s public Ethernet port MAC address.

UURL: The URL on the AP to which the EWS should redirect the subscriber following successful Authorization.

MA: The unique MAC Address of the subscriber's Network Interface Card used to identify that subscriber.

RN: Identifies the room number. This feature is not currently supported, so RN will be blank.

OS: The Origin Server URL. This is the URL originally requested by the subscriber.

SC: A Security Code used as a key to generate the SC for the External Web Server when used with a credit card
clearing house; this parameter is not used when the AP is configured to communicate with an EWS over XML.
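
The parameters above reach the EWS through the subscriber's browser, so the login page should validate them before using MA in a USER_ADD command or redirecting to UURL. The following is an added example, not code from the Proxim manual: the function name, the `ap_host` setting, and the hex-format checks for UI and MA (inferred from the sample URL) are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample, modelled on the manual's example redirect URL.
SAMPLE = ("http://ews.example/usg/newuserlogin.asp?UI=000450"
          "&UURL=http://192.0.2.10/userok.htm&MA=0010A4B732BB"
          "&RN=&OS=http://204.71.200.68&SC=18056")

REQUIRED = ("UI", "UURL", "MA", "OS")  # RN is blank; SC is unused with XML


def parse_login_redirect(url, ap_host):
    """Return the validated redirect parameters, or raise ValueError.

    ap_host is the AP address this EWS is configured to work with
    (a hypothetical setting for this example); UURL must point at it.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A repeated key could make the validator and a later consumer disagree.
    for key, values in query.items():
        if len(values) != 1:
            raise ValueError(f"parameter {key} is repeated")
    params = {key: values[0] for key, values in query.items()}
    for key in REQUIRED:
        if not params.get(key):
            raise ValueError(f"missing parameter {key}")
    # UI: at most 6 characters, taken from the AP's Ethernet MAC address.
    if not re.fullmatch(r"[0-9A-Fa-f]{1,6}", params["UI"]):
        raise ValueError("UI must be 1 to 6 hex characters")
    # MA: subscriber MAC, 12 hex digits without separators (as in the sample).
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", params["MA"]):
        raise ValueError("MA must be 12 hex digits")
    params["MA"] = params["MA"].upper()
    # UURL: the EWS later redirects the subscriber here, so pin it to the AP.
    uurl = urlsplit(params["UURL"])
    if uurl.scheme not in ("http", "https") or uurl.hostname != ap_host:
        raise ValueError("UURL does not point at the configured AP")
    if urlsplit(params["OS"]).scheme not in ("http", "https"):
        raise ValueError("OS is not an http(s) URL")
    return params
```
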
