Authenticating Customers; Example 1; Example 2 - Colubris Networks CN3000 Administrator's Manual

Chapter 8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOC authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 8

Authenticating customers

Once a customer has supplied login information on the remote login page, the login
application must submit an authentication request containing the customer's login
name, password, and IP address to the CN3000 by establishing an SSL session to the
following URL:
https://CN3000_ip:8090/goform/HtmlNocLoginRequest
?username= username &password= password &ipaddr= customer_ip
Where:

Example 1

Assume that the CN3000 is not behind a NATing device, and that its IP address is
192.168.4.2. The subject DN in its SSL certificates is www.noc-cn3.com.
The Host HTTP header should be set to one of:
• Host: www.noc-cn3.com:8090
• Host: 192.168.4.2:8090

Example 2

Assume that the CN3000 is behind a NATting device. The device has the address
192.168.30.173, and the CN3000 has the address 192.168.4.2. A NAT mapping is
defined on the NATting device that redirects traffic received on port 8090 to
192.168.4.2:8090.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 180 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Parameter Description
CN3000_ip Defines the IP address of the CN3000 or you could use a
domain name if you have defined one using the hosts file on the
web server. (By default, the secure web server on the CN3000
operates on port 8090. This can be changed on the
Management Tool page if required.)
The CN3000 requires that the contents of the Host HTTP
header match the actual domain name/IP address and port the
CN3000 is operating on:
Host:
CN3000_domain_name:secure_web_server_port_number
or
Host: CN3000_IP_address:secure_web_server_port_number
This will usually be the case, unless the CN3000 is behind a
device that provides network address translation (NAT). In this
situation, the login application must manually forge the Host
HTTP header. The easiest way to do this is to define login-
url with the %i and %p placeholders. This returns the domain
name of the CN3000 and the port number of its secure web
server. The login application can then construct the appropriate
Host HTTP header.
Username supplied by the customer.
username
Password supplied by the customer.
password
IP address of the customer's compter.
customer_ip