I'm thinking of using radius in an open network to allow some navigation in a some local pages, and require authentication for Internet access. Is there any way to configure FreeRADIUS in that way? For example, have a NodeJS app and FreeRADUIS running in an ubuntu server, when a user connects to the network, redirect to a page that let's him use the NodeJS app, or sign in for Internet use
No. You need to use a captive portal server like Coova in order to provide walled garden functionality.
FreeRADIUS just implements the network policies.
If you want to redirect users to your application , then you must configure router with firewall rules, and you also have to setup captivate portal on this router (Like nodogsplash, coova-chilli)
In coova chilli you can define login url path.
freeradius is only for authentication,policy setup ,and data accounting.
In my scenario I am using mikrotik router with capative portal and freeradius setup. I set up router policy from freeradius (radreply section) WISPr-Redirection-URL
for refrence you can check here: Mikrotik official site for radius attributes
Related
I have an Azure Function where I have enabled Authentication with the Identity provider being Microsoft. With Postman, I get my token, call the root page ("Your Functions 4.0 app is up and running"), pass it in the Authorization header and it responds correctly.
Once I enable vNet Integration, the function respond with the error
The page cannot be displayed because an internal server error has occurred.
What did I missed?
The post is quite old and there is no information on the VNet integration setup, but anyway.
The issue might be because of the VNet Integration setting called Route All.
According to the official Azure documentation,
If Route All is disabled, your app only routes private traffic into your virtual network. If you want to route all your outbound app traffic into your virtual network, make sure that Route All is enabled.
So I believe the Route All is enabled in your configuration. And you should try to disable it:
Go to Vnet Integration
Disable toggle Route All as it is in the screenshot below
Is it generally possible to have a Microsoft Azure in the background to act as a SSO Authentication server for Apache auth?
The example is:
There are many users inside the Microsoft Azure
I have a Webpage on a Linux server served by Apache2
The webpage should be protected (exactly like basic-auth) by Azure (via SSO)
If the user is signed in into Azure and has rights, he can see the website
If the user is not signed in, he will be redirected back to Azure's login-page and after successful login will back to the webpage.
Is this generally possible?
If so what technologies/modules do I have to use for apache in order to speak with Azure?
Thanks for any hints towards the right direction.
Update
The Azure server is already fully configured. I just need to sort out the end on Apache.
I think what you are looking for is Azure Active Directory. it is an Identity as a Service product that supports modern protocols like OAuth, OpenID Connect. There's a client SDK called ADAL (Active Directory Authentication Library), but since it's standard protocols, you can integrate with other standard based authentication libraries. For example, the node.js tutorial shows how to use passport.
You didn't mention what web stack you are using but it's most likely listed here:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-developers-guide/
On a side note: if you can host your app on Azure Web App Service then it has built in integration with Azure Active Directory, so you can add a layer of authentication on top of your website without modifying your application code.
More info on that here: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/
I've created an app that uses Javascript and php. The php is hosted on an apache server which is located in my house and is not accessible from outside. To start the 'app' I just point my browser at
http://server-ip-address/my-app
The problem I'm having is with SoundCloud Authentication.
If I'm using a browser on the same machine as the apache server then I can authenticate using a redirect URL of
http://localhost/my-app/callback.html
and setting this in the app settings on soundcloud.com and the initialise function in the SDK.
The problem is, what if I'm not running the browser on the same machine as the apache server? The app is a remote control for a music player, hence the server will generally be running on a headless PC and the app will be accessed from another device. There seems to be no way to get Authentication to work in both these scenarios since the URI I send in the initialise function has to match the one on the soundcloud app settings and I have no way of knowing what server-ip-address will be for everyone who might use the app.
Unless you do have a way of locating that server (with static IP or some dynamic DNS service) you won't be able to authenticate – SoundCloud has to pass the oauth_token somewhere.
we have a sharepoint 2010 site and are using the same url to access it from inside and outside the network.
our issue is that we don't want users inside our network to get asked for credentials when accessing the site.
if, for example, the url we wanted to use was https://sp.domain.com, how would we set this up?
You can do this via Alternate Access mappings. Have two zones for your sharepoint site: Intranet and Extranet. In AAM settings:
Intranet : http://sp.domain.com
Extranet: http://extranet.domain.com
You did not specify which authentication scheme if you are using for outside network. If its forms authentication, you can set Windows for 1 and Forms authentication for 2.
However, if its AD only for both, you will have to have sp.domain.com configured as Intranet Url and extranet.domain.com as Internet Url in each of client computer. This can be done using group policy.
Your proxy server will have to do the work of transferring the sp.domain.com from external network to extranet.domain.com internally.
Good to read:
http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=804
I have a scenario where I have a web application hosted externally (ie: the webserver is not a member of my internal active directory domain).
I would like to authenticate users of the web app using their active directory credentials.
Is there a product or some setup I can use to accomplish this?
Generally this is achieved by authenticating to the AD server with LDAP. I'd recommend using LDAP+SSL to keep the passwords from going out in plaintext, and other than that you should be fine - as long as there aren't any firewalls in the way.