
WifiDog Authentication Principles and Flow

WifiDog is a hotspot (captive portal) system made up of two parts, an authentication server and a client (the gateway). The authentication principle, in outline:

General flow description:
① The client makes its initial request as if it were already connected (e.g. a visit to http://www.google.ca).

② The Gateway's firewall rules mangle the request and redirect it to a local port on the Gateway. Once that is done, the Gateway answers with an HTTP redirect that carries the Gateway ID, the Gateway FQDN and other information.

③ The client sends its authentication request to the Auth Server as specified by the Gateway (see Login Protocol):

http://auth_server/login?
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]

④ The Gateway replies with a (potentially custom) splash page, also called the login page.

⑤ The client supplies its credentials (username and password).

⑥ Upon successful authentication, the client receives an HTTP redirect to the Gateway's own web server carrying its authentication proof, a one-time token, for example:

http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]

⑦ The client then connects to the Gateway using the credential it obtained, thereby handing it the token.

⑧ The Gateway asks the Auth Server to validate the token (see Client Protocol [see: login heartbeat]).

⑨ The Auth Server confirms that the token is valid.

⑩ The Gateway then sends the client a redirect to fetch the success page from the Auth Server, at http://auth_server/portal/

⑪ The Auth Server notifies the client that its request succeeded and it can now access the Internet.



That is the flow in outline: about 11 steps are needed to complete authentication. This token-based scheme has one advantage: after a user has been authenticated by a third party, a valid token can be fetched from the WifiDog auth server and handed to the user, which allows integration with third-party authentication.
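The exchange above, as an added example that is not WifiDog's own code: an in-process simulation of the gateway and the auth server that builds the /login redirect with the four parameters, issues a one-time token on successful login, and lets the gateway validate it exactly once. The gateway values, the credential check and the token store are constructed for the example.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
import secrets

# Constructed example values; a real gateway fills these from its config.
GATEWAY = {"gw_id": "default", "gw_address": "192.168.1.1", "gw_port": "2060"}
AUTH_SERVER = "http://auth_server"


def login_redirect(requested_url, gw=GATEWAY):
    """Steps 2-3: the gateway answers the client's first request with a redirect
    to the auth server's /login carrying gw_id, gw_address, gw_port and url."""
    return f"{AUTH_SERVER}/login?" + urlencode({**gw, "url": requested_url})


def check_password(username, password):
    # Constructed credential store; a real auth server uses a database and hashing.
    return (username, password) == ("alice", "s3cret")


class AuthServer:
    """Minimal stand-in for the auth server: issues and validates one-time tokens."""

    def __init__(self):
        self._tokens = {}  # token -> (gw_id, username), removed once used

    def login(self, login_url, username, password):
        """Steps 4-6: check credentials, then redirect the client to the
        gateway's /wifidog/auth with a freshly generated one-time token."""
        q = {k: v[0] for k, v in parse_qs(urlsplit(login_url).query).items()}
        if not check_password(username, password):
            return None
        token = secrets.token_hex(16)
        self._tokens[token] = (q["gw_id"], username)
        return f"http://{q['gw_address']}:{q['gw_port']}/wifidog/auth?token={token}"

    def validate(self, gw_id, token):
        """Steps 8-9: the gateway asks whether the token is valid. A token is
        accepted once only, and only for the gateway it was issued for."""
        entry = self._tokens.pop(token, None)
        return entry is not None and entry[0] == gw_id


def gateway_handle_auth(auth, redirect_url, gw=GATEWAY):
    """Steps 7-10: extract the token, validate it with the auth server, and on
    success send the client to the auth server's portal (success) page."""
    token = parse_qs(urlsplit(redirect_url).query).get("token", [""])[0]
    if auth.validate(gw["gw_id"], token):
        return f"{AUTH_SERVER}/portal/"
    return None
```

Replaying the same /wifidog/auth URL a second time fails, which is what makes the token one-time.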