WifiDOG是一个热点系统,包含了认证服务器和客户端两部分组成,认证原理大体说下:
General Flow Description:
一般流程描述:
①The client does his initial request, as if he was already connected, (e.g.: )
②The Gateway's firewall rules mangle the request to redirect it to a local port on the Gateway. When that's the done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other informations
网关的防火墙规则将这个请求重定向到本地网关的端口上。当做完这个工作,网关提供一个HTTP重定向回复,包含了Gateway的ID,Gateway的FQDN以及其他的信息。
③The Client does his request to the Auth Server as specified by the Gateway, see Login Protocol
用户向认证服务器发出认证请求
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]
|
④The Gateway replies with a (potentially custom) splash (login) page
网关返回一个(可以是自定义的)splash(也称作“登录”)页面
⑤The Client provides his identification informations (username and password)
用户提供他的凭据信息,比如用户名和密码
⑥Upon succesful authentication, the client gets an HTTP Redirect to the Gateway's own web server with his authentication proof (a one-time token), [auth token]
成功认证的话,客户端将会被重定向到网关的自己的web页面上,并且带有一个 认证凭据(一个一次性的token),内容比如
[auth token]
⑦The Client then connects to the Gateway and thus gives it his token
用户就是用获取到的凭据访问网关
⑧The Gateway requests validation of the token from the Auth Server, see Client Protocol【见登录心跳】
网关去认证服务器询问token的有效性
⑨The Auth Server confirms the token
认证服务器确认token的有效性
①①The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to
网关发送重定向给客户端,以从认证服务器上获取 成功提示页面,重定向到 这个位置
①②The Auth Server notifies the Client that his request was successful
认证服务器通知客户请求成功,可以上网了
这个是原理图,大概需要11步才能完成认证,这种token认证方式有个好处,可以第三方认证后然后到wifidog的认证服务器取一个有效的token给用户,实现与第三方认证的整合。
阅读(18126) | 评论(3) | 转发(4) |