BW2251 User Guide v1.0
Nov. 2013
Page 168 of 187
When the Web Application server has all needed data from the client, it must try to authenticate (6)
the client. Authentication is done by the RADIUS server but through the AC. At this step the
shared
secret
is used to make the connection between the WAS and the AC. The AC re-sends the
authentication request to the RADIUS server (7). Depending on the status, appropriate authentication
status must be returned back to the WAS but through the AC (8). In step (9), the Web Application
Server knows the client authentication status and reports success or failure back to the client.
The Web Application Server (WAS) must be configured as a free site in the Walled
Garden area.
There is an ability to skip the rendering initial user pages from the .XSL. See the following scheme
when the user initial request is redirected to the specified location.
Scheme 2:
The remote authentication method when client with proxy authentication request is re-directed to the
external server (WAS):
Client
AC
WAS
RADIUS Server
1. Initial Request
2. Replay with
HTTP redirect
3. Direct client
communication
with WAS
4. Client sends
his/her login and
password
8. WAS reports
client status:
authenticated or
not
5. WAS tries to
authenticate
client
6. AC sends
request to
RADIUS
7. RADIUS replay
authenticated or
not
Figure 308 – Client Remote Authentication Scheme (2)
The initial client request (1) can be redirected to the specified location, as
redirection
URL
on the
Web Application server. In such case the client who wants to authenticate gets the redirection from
AC (2). In other words the AC intercepts any access to the Internet via HTTP and redirects the client
to the defined
welcome
, or
login
URL on WAS (also see:
User | Pages
). The further actions are the
same as described in the
Scheme 1
(
Figure 307 – Client Remote Authentication Scheme (1)
).
The WAS location URL under welcome page redirect must be configured as a free
site in the Walled Garden area.
To define such redirection URL use the
user | pages
menu. Enable
welcome
page, set the
redirect
setting and specify the redirect location for such authentication process (also see:
User | Pages
).