Engineering via SICAM WEB
SICAM RTUs, User Manual SICAM CMIC 137
DC8-001-2.09, Edition 08.2016
5.1.2.1.2 Authentication via External Service
For this mechanism a RADIUS server can be configured. The parameter Radius Authentication must be set to YES.
If the RADIUS authentication is enabled, SICAM CMIC uses the RADIUS server IP address
and the RADIUS shared secret key for the RADIUS communication.
After the user enters the login credentials and attempts to log in, SICAM CMIC sends these credentials to the RADIUS server for authentication:
• If the RADIUS server is available, it compares the login credentials
  ─ If the comparison is successful, the RADIUS server returns the specific user role; SICAM WEB and the internal role-based protection mechanism use this role information for the user
  ─ If the login credentials are invalid, the logon fails
• If the RADIUS server is not available, SICAM CMIC runs into a timeout
  ─ If the fallback option is enabled, the authentication mechanism falls back to local authentication and SICAM CMIC compares the credentials with the locally stored credentials
    − If the comparison is successful, SICAM CMIC returns the specific user role; SICAM WEB and the internal role-based protection mechanism use this role information for the user
    − If the comparison is not successful, the logon fails
  ─ If the fallback option is not enabled, the logon fails
Configuration with RADIUS Server
The IP address of the RADIUS server must match the setting in SICAM CMIC (parameter Radius server IP address).
The shared key on the RADIUS server must match the setting in SICAM CMIC (parameter RADIUS shared secret key).
SICAM CMIC sends User-Name (attribute 1), User-Password (attribute 2), NAS Identifier (attribute 32) and NAS Port (attribute 5) – possibly an application-specific server-side request – to the RADIUS server.
The RADIUS server should be configured so that, after successful authentication, the role, defined as a vendor-specific value (attribute 26), is sent back.
Detailed information on the RADIUS protocol is available at https://tools.ietf.org/html/rfc2865.
Structure of the authentication request from SICAM CMIC:
Connection via HTTP                    | Connection via HTTPS
User-Name                              | User-Name
User-Password                          | User-Password
NAS-Identifier = "00:E0:A8:B0:DC:80"   | NAS-Identifier = "**:**:**:**:**:**"
NAS-Port = "80"                        | NAS-Port = "443"
Structure of the response from the configured RADIUS server:
User role Administrator        | User role Guest
Service-Type = Login-User      | Service-Type = Login-User
Cisco-AVPair = "priv-lvl=15"   | Cisco-AVPair = "priv-lvl=0"
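The following added example (not part of the manual and not Siemens code) shows how a RADIUS client can verify an Access-Accept per RFC 2865 and read the role from the Cisco-AVPair inside attribute 26. Assumptions not taken from this page: Cisco vendor ID 9 and vendor type 1 from the Cisco RADIUS dictionary, Service-Type Login encoded as attribute 6 with value 1, and a constructed shared secret and sample reply.

```python
import hashlib
import hmac
import struct

CISCO_VENDOR_ID = 9   # assumption: IANA enterprise number for Cisco
CISCO_AVPAIR = 1      # assumption: vendor type of Cisco-AVPair inside attribute 26
ROLES = {15: "Administrator", 0: "Guest"}  # priv-lvl values from the manual's table

def response_auth(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def role_from_accept(packet, request_auth, secret):
    """Return the role in a verified Access-Accept, or None if it must be rejected."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:]
    if code != 2 or length != len(packet):
        return None  # not an Access-Accept, or length field disagrees with the data
    expected = response_auth(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        return None  # shared secret mismatch or modified reply
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return None  # malformed attribute list
        value, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype == 26 and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            key, _, level = value[6:4 + vlen].decode("ascii", "replace").partition("=")
            wanted = (vendor, vtype, key) == (CISCO_VENDOR_ID, CISCO_AVPAIR, "priv-lvl")
            if wanted and level.isdigit():
                return ROLES.get(int(level))  # unknown levels map to no role
    return None

def build_accept(level, ident, request_auth, secret):
    """Constructed sample reply: Service-Type = Login-User plus Cisco-AVPair."""
    avpair = f"priv-lvl={level}".encode()
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(avpair) + 2) + avpair
    attrs = bytes([6, 6]) + struct.pack("!I", 1) + bytes([26, len(vsa) + 2]) + vsa
    auth = response_auth(2, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", 2, ident, 20 + len(attrs)) + auth + attrs

if __name__ == "__main__":
    req_auth, secret = bytes(range(16)), b"constructed-secret"
    print(role_from_accept(build_accept(15, 7, req_auth, secret), req_auth, secret))
```

A reply whose authenticator does not verify is treated the same as an invalid login, so a mismatched shared secret on either side yields no role at all.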