最近使用 RSA Authentication Manager, 并且与其自带的Radius server整合,
RSA的Radius server 配置不太透明, 目前只配成功了PAP方式的验证,CHAP目前不成功。
RSA Radius在token输错3次后有要求用户输入next token的安全设置方式,
开始不知道java如何处理,后来查了一些资料,Radius协议本身是无状态的,客户端第二次next token
的request需要跟上前一次response中的state才能让服务器识别出这个session,跟http 的 session是一个意思。
?
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
|
注意这个
?
1 |
|
处理的是PAP格式的请求。
First Token
17507862
17507862
>>>>>>>>>>>>>>>>>>>authenticate.
<81> ------------------- Request Packet -----------------
<81> Address: 10.207.67.63:1812 Packet Length: 50 Type:
Access-Request(1)
01 51 00 32 77 98 1B F0 - C0 39 C4 41 A0 6D BF 7A .Q.2w... -
.9.A.m.z
55 0D D5 F6 05 06 00 00 - 00 01 01 06 72 79 61 6E U....... -
....ryan
02 12 98 8C D9 43 C5 7E - 34 C2 E5 3A F5 31 21 4A .....C.~ -
4..:.1!J
13 78 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .x...... -
........
Attributes:
NAS-Port (5), Length: 6, Data: [# 1], 0x00000001
User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110],
0x7279616E
User-Password (2), Length: 18, Data: 0x988CD943C57E34C2E53AF531214A1378
<81> ---------------------------------------------------
<81> ------------------- Response Packet -----------------
<81> Address: 10.207.67.63:1812 Packet Length: 88 Type:
Access-Challenge(11)
0B 51 00 58 69 D2 A0 52 - C1 EC FC 7D 71 AA 91 42 .Q.Xi..R -
...}q..B
65 6E 4D 17 4C 06 00 00 - 00 00 12 30 0D 0A 50 6C enM.L... -
...0..Pl
65 61 73 65 20 45 6E 74 - 65 72 20 74 68 65 20 4E ease Ent - er
the N
65 78 74 20 43 6F 64 65 - 20 66 72 6F 6D 20 59 6F ext Code
- from Yo
75 72 20 54 6F 6B 65 6E - 3A 00 18 0E 53 42 52 2D ur Token -
:...SBR-
43 48 20 34 36 7C 31 00 - 00 00 00 00 00 00 00 00 CH 46|1. -
........
Attributes:
Prompt (76), Length: 6, Data: [# 0], 0x00000000
Reply-Message (18), Length: 48, Data:
0x0D0A506C6561736520456E74657220746865204E65787420436F64652066726F6D20596F757220546F6B656E3A00
State (24), Length: 14, Data: 0x5342522D43482034367C3100
<81> ---------------------------------------------------
>>>>>>>Response Result:11
>>>>>>>Response state:State (24), Length: 14, Data:
0x5342522D43482034367C3100
next Token
77340845
77340845
<100> ------------------- Request Packet -----------------
<100> Address: 10.207.67.63:1812 Packet Length: 64 Type:
Access-Request(1)
01 64 00 40 41 73 2F F7 - 74 13 A4 3D 98 76 58 84 [email protected]/.
- t..=.vX.
9C 8B 5A D3 05 06 00 00 - 00 01 18 0E 53 42 52 2D ..Z..... -
....SBR-
43 48 20 34 36 7C 31 00 - 01 06 72 79 61 6E 02 12 CH 46|1. -
..ryan..
A5 1C 73 E3 60 F0 57 21 - 39 9E 8A EA 8D BB 3C EA ..s.`.W! -
9.....<.
Attributes:
NAS-Port (5), Length: 6, Data: [# 1], 0x00000001
State (24), Length: 14, Data: 0x5342522D43482034367C3100
User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110],
0x7279616E
User-Password (2), Length: 18, Data: 0xA51C73E360F05721399E8AEA8DBB3CEA
<100> ---------------------------------------------------
<100> ------------------- Response Packet -----------------
<100> Address: 10.207.67.63:1812 Packet Length: 86 Type:
Access-Accept(2)
02 64 00 56 E5 63 66 C1 - 9F 85 75 47 09 97 CE AB .d.V.cf. -
..uG....
8A 7A 19 C4 19 37 53 42 - 52 32 43 4C 81 ED 94 D1 .z...7SB -
R2CL....
C8 E6 EA DE 8B 80 11 80 - 22 01 80 03 81 98 CE 80 ........ -
".......
02 80 05 81 B9 9E AC 96 - F0 12 80 0E 81 81 ED 94 ........ -
........
D1 C8 E6 EA DE 8B 80 80 - 80 84 9C 01 0B 55 73 65 ........ -
.....Use
72 2D 4E 61 6D 65 00 00 - 00 00 00 00 00 00 00 00 r-Name.. -
........
Attributes:
Class (25), Length: 55, Data:
0x53425232434C81ED94D1C8E6EADE8B801180220180038198CE8002800581B99EAC96F012800E8181ED94D1C8E6EADE8B808080849C
User-Name (1), Length: 11, Data: [User-Name], 0x557365722D4E616D65
<100> ---------------------------------------------------
>>>>>>>>>>>>>>>>>>>authenticate
again.
r.getErrorString():No Error (0)
Second nResult:2
Second nResult:2
Second nResult:Access-Accept
Final return:0
Java处理Radius access-challenge,布布扣,bubuko.com