HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Authentication
Field               Data
Acct-Session-ID     The unique ID for this client session
Acct-Session-Time   The seconds this client was logged on this Access Controller. Sent only with a Stop packet.
Note: When an authenticated client roams to a new Access Controller, a Stop packet is sent upon
disassociation from the first Access Controller, and a Start packet is sent upon association with the new
Access Controller.
Configuring an XML-RPC Authentication Service
The 700wl Series system can use XML-RPC to request authentication and retrieve a user profile from an
external XML-RPC service. XML-RPC is a simple, portable way to make remote procedure calls using
HTTP as the transport and XML for encoding. Although related, it is not the same as general-purpose
XML. The 700wl Series system acts as an XML-RPC client, and communicates with an XML-RPC service
through HP’s XML-RPC Remote Profiles API.
Setting up the 700wl Series system to use XML-RPC for authentication and profile retrieval is a three-part
process:

1. You must be running an XML-RPC service on the external system from which you want to obtain
   authentication and user profiles. This service must accept an “authenticate” <methodCall> from the HP
   Remote Profiles API and return the appropriate messageResponse. For a detailed discussion of the
   API, including the specification of the call and response, see “The Remote Profiles API” on page 5-24.
   For more information on developing the XML-RPC service, see “The XML-RPC Service” on page 5-24.

2. You must configure the Rights Manager to send authentication requests to an XML-RPC server. This is
   discussed in this section.

3. Through the Rights Manager you must create Identity Profiles that match each group that can be
   returned in a user profile. See “Creating or Editing an Identity Profile” on page 4-13 for an
   explanation of how to create Identity Profiles. The Identity Profile name must match the returned
   group name exactly.
   Depending on the rights you want to grant to users, you may also need to create Access Policies to
   be associated with these Identity Profiles in the Rights Table.
Once the XML-RPC authentication service has been configured, the authentication and authorization
process works as follows:

1. When a new user (client) connects to the 700wl Series system, the system presents a logon page, and
   retrieves the client’s user identification information, including username, password, the client’s MAC
   address and the Access Controller Location through which he/she connected.

2. The 700wl Series system uses this information to create an XML-RPC “authenticate” <methodCall>,
   which it sends to the XML-RPC service via the URL defined in the XML-RPC authentication service
   configuration. The Remote Profiles API passes to the XML-RPC service a basic set of user information
   (username, password, MAC address, and a few other pieces of information) that the service can use to
   authenticate the client.

3. The Rights Manager receives a response that indicates whether the user has been successfully
   authenticated (passed or failed). If the authentication was successful, the response also contains a
   “user profile” that specifies the groups to which the user belongs, and a start and stop time for each
   group.
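
The exchange described above, sketched end to end as an added example (it is not HP's code and not the Remote Profiles API specification, which the guide gives on page 5-24). The parameter order, the "result" and "groups" field names, the time format and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import xmlrpc.client

# ASSUMPTIONS (not from the HP guide): parameter order, the "result"/"groups"
# field names, the time format and the sample account are all constructed.
SALT = b"constructed-salt"

def _kdf(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": {"hash": _kdf("correct horse"),
                   "groups": [{"name": "Staff", "start": "08:00", "stop": "18:00"}]}}

def build_call(username, password, mac, location):
    """Controller side: encode the logon data as an 'authenticate' methodCall."""
    return xmlrpc.client.dumps((username, password, mac, location),
                               methodname="authenticate")

def authenticate(username, password, mac, location):
    """Service side: passed/failed, plus the user profile on success."""
    user = USERS.get(username)
    # Always run the KDF and a constant-time compare so that unknown users
    # and wrong passwords take the same path. mac/location are left for policy.
    ok = hmac.compare_digest(_kdf(password), user["hash"] if user else bytes(32))
    if not (user and ok):
        return {"result": "failed"}
    return {"result": "passed", "groups": user["groups"]}

def handle(request_xml):
    """Service side: decode the request, dispatch it, return the response XML."""
    params, method = xmlrpc.client.loads(request_xml)
    if (method != "authenticate" or len(params) != 4
            or not all(isinstance(p, str) for p in params)):
        return xmlrpc.client.dumps(xmlrpc.client.Fault(1, "unsupported call"))
    return xmlrpc.client.dumps((authenticate(*params),), methodresponse=True)

def rights_for(response_xml, identity_profiles):
    """Controller side: keep groups whose name equals an Identity Profile name."""
    (reply,), _ = xmlrpc.client.loads(response_xml)
    if reply.get("result") != "passed":
        return []
    return [g["name"] for g in reply.get("groups", []) if g["name"] in identity_profiles]
```

Because the password travels inside the request body, the service URL configured on the controller is where transport protection for this exchange has to be provided. A returned group whose name differs from the Identity Profile only in case grants nothing here, which mirrors the exact-match requirement.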
5-22 HP ProCurve Secure Access 700wl Series Management and Configuration Guide