ACCESS GATEWAY
74 System Administration
Enabling AAA Services with an External Web Server
You are here because you want to enable the AAA Services with an External Web Server (EWS). In the EWS
mode, the Access Gateway redirects the subscriber’s login request to an external server.
1.
Select the External Web Server tab.
2.
Enter the Secret Key (The Access Gateway and the external authorization server must use
the same
secret key). The Secret Key ensures that the response the Access Gateway gets from the External Web
Server is valid.
DNS must be configured if you want to enter meaningful URLs instead of numeric IP
addresses into any of the Access Gateway’s configuration screens (for example, the
External login page URL in the following step).
3.
Enter a valid External login page URL.
4.
Configure the Parameter Signing options.
See Redirection Parameter Signing for more information about parameter signing.
5.
Click on the Save button to save your changes, click on Save then Reboot to reboot the
Access Gateway
and make the changes take effect immediately, or click on the
Restore button if you want to reset all the
values to their previous state (making changes to the EWS settings does not require a system reboot).
Redirection Parameter Signing
External Web Server (EWS) and Internal Web Server (IWS) Portal Page Parameters can be digitally signed,
preventing malicious subscribers from intercepting, forging and replaying URL redirection strings used by the
NSE and EWS or IWS Portal Page to validate subscriber access. This capability eliminates a vulnerability that
was previously exploited to gain unauthorized Internet access at charge-for-use sites.
The signing feature can create a cryptographically strong signature that protects the sensitive portions of a
URL redirection string (i.e., NSE ID, MAC address of the subscriber, etc), while letting the EWS/Portal Page
verify that the URL string has not been tampered or forged by the subscriber.
To Next Page
Loading...
