Authentication Via External Service - Siemens SICAM CMIC User Manual

5.1.2.1.2 Authentication via External Service

For this mechanism a RADIUS server can be configured. The parameter Radius Authentication must be set to YES.
If the RADIUS authentication is enabled, SICAM CMIC uses the RADIUS server IP address and the RADIUS shared secret key for the RADIUS communication.
After the login credentials are entered and a login is attempted, SICAM CMIC sends these credentials to the RADIUS server for authentication:
· If the RADIUS server is available, it compares the login credentials
  ─ If the comparison is successful, the RADIUS server returns the specific user role; SICAM WEB and the internal role-based protection mechanism use this role information for the user
  ─ If the login credentials are invalid, the logon fails
· If the RADIUS server is not available, SICAM CMIC runs into a timeout
  ─ If the fallback option is enabled, the authentication mechanism falls back to local authentication and SICAM CMIC compares the credentials with the locally stored credentials
    − If the comparison is successful, SICAM CMIC returns the specific user role; SICAM WEB and the internal role-based protection mechanism use this role information for the user
    − If the comparison is not successful, the logon fails
  ─ If the fallback option is not enabled, the logon fails

Configuration with RADIUS Server

The IP address of the RADIUS server must match the setting in SICAM CMIC (parameter Radius server IP address); the shared key on the RADIUS server must match the setting in SICAM CMIC (parameter RADIUS shared secret key).
SICAM CMIC sends User-Name (attribute 1), User-Password (attribute 2), NAS-Identifier (attribute 32) and NAS-Port (attribute 5) – possibly an application-specific server-side request – to the RADIUS server.
The RADIUS server should be configured so that, after successful authentication, the role is sent back as a vendor-specific value (attribute 26).
Detailed information on the RADIUS protocol is available at https://tools.ietf.org/html/rfc2865.

Structure of the authentication request from SICAM CMIC:

Connection via HTTP
  User-Name
  User-Password
  NAS-Identifier = "00:E0:A8:B0:DC:80"
  NAS-Port = "80"

Connection via HTTPS
  User-Name
  User-Password
  NAS-Identifier = "**:**:**:**:**:**"
  NAS-Port = "443"

Structure of the response from the configured RADIUS server:

User role Administrator
  Service-Type = Login-User
  Cisco-AVPair = "priv-lvl=15"

User role Guest
  Service-Type = Login-User
  Cisco-AVPair = "priv-lvl=0"

SICAM RTUs, User Manual SICAM CMIC
DC8-001-2.09, Edition 08.2016
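
The request and response structures above, as an added example (not taken from the manual or from SICAM CMIC firmware): it encodes attributes 1, 2, 32 and 5 as RFC 2865 specifies and accepts a role only from an Access-Accept whose Response Authenticator verifies against the shared secret. The function names, the constructed server reply and the Cisco vendor ID 9 / vendor type 1 encoding of Cisco-AVPair are assumptions of this example; the manual does not describe how the device parses the reply.

```python
import hashlib, hmac, struct
CISCO = 9  # IANA enterprise number for Cisco; Cisco-AVPair is vendor type 1

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def hide_password(pw, secret, req_auth):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out

def access_request(ident, user, pw, secret, nas_id, nas_port, req_auth):
    # The four attributes the manual lists: 1, 2, 32 and 5
    attrs = (attr(1, user) + attr(2, hide_password(pw, secret, req_auth))
             + attr(32, nas_id) + attr(5, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, secret, req_auth, priv_lvl):
    # Constructed server reply: Service-Type = Login-User, Cisco-AVPair = "priv-lvl=N"
    avpair = b"priv-lvl=%d" % priv_lvl
    vsa = struct.pack("!IBB", CISCO, 1, len(avpair) + 2) + avpair
    attrs = attr(6, struct.pack("!I", 1)) + attr(26, vsa)
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def role_from_accept(pkt, ident, secret, req_auth):
    """Return priv-lvl from a verified Access-Accept, else None."""
    if (len(pkt) < 20 or pkt[0] != 2 or pkt[1] != ident
            or int.from_bytes(pkt[2:4], "big") != len(pkt)):
        return None
    good = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + secret).digest()
    if not hmac.compare_digest(good, pkt[4:20]):
        return None  # Response Authenticator mismatch: forged reply or wrong secret
    pos = 20
    while pos + 2 <= len(pkt):
        t, n = pkt[pos], pkt[pos + 1]
        if n < 2 or pos + n > len(pkt):
            return None  # malformed attribute
        v = pkt[pos + 2:pos + n]
        if t == 26 and len(v) >= 6 and v[:4] == struct.pack("!I", CISCO) and v[4] == 1:
            name, _, lvl = v[6:4 + v[5]].partition(b"=")
            if name == b"priv-lvl" and lvl.isdigit():
                return int(lvl)
        pos += n
    return None
```

Because the role arrives in the reply, a reply that fails the authenticator check is treated the same as a failed logon, and both the password hiding and the reply check rest entirely on the shared secret.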