|ClearBox Server v1.2 Developer's Guide|
This article gives an explanation of the RADIUS-specific authorization performed by ClearBox Server on reception of RADIUS authentication request packet. Note that authorization is not a part of RADIUS protocol and used by ClearBox Server as a part of authentication packet processing. Read more about authorization concepts, RADIUS concepts and RADIUS attributes properties used in authorization process.
RADIUS authorization is not used if IRADIUSAuthorization interface is not implemented by server extension.
First, Service-Type RADIUS attribute is checked. If it is present and has "Authenticate Only" value, authorization process is skipped.
Next, IRADIUSAuthorization::GetAutorejectAttributes is called to get "AutoReject List" of attributes. If any of these attributes are present in the packet, it is rejected. Note, that attribute comparison is performed according to flags which any attribute in AutoReject List may have.
If AutoReject List is passed, server calls IRADIUSAuthorization::GetRequestMatchAttributes to get list of "RequestMatch attributes", or "RequestMatch list". For every attribute in RequestMatch list server searches for an attribute with the same type in the packet. If it is not found,
If an attribute from the packet is found with the same type as an attribute from RequestMatch list
If RequestMatch list is passed, server gets list of attributes which should be included in response packet ("Response list"), calling IRADIUSAuthorization::GetResponseAttributes. But before this call server calls IRADIUSAuthorization::NeedAllAttributes to detect whether full list of attributes from request packet should be passed to IRADIUSAuthorization::GetResponseAttributes or no attributes should be passed. Server may reject user after calling to IRADIUSAuthorization::GetResponseAttributes. For every attribute from Response list F_ECHO flag is checked. If this flag is present,
© 2001-2003 XPerience Technologies. www.xperiencetech.com
|Created by chm2web html help conversion utility.|