|
@@ -1,41 +1,48 @@
|
|
|
-#HvA project Implementation - 2015
|
|
|
|
|
-Currently under development<br>
|
|
|
|
|
-This project implementation, for the University of Applied Sciences of Amsterdam/ Hogeschool van Amsterdam<br>
|
|
|
|
|
- <br>
|
|
|
|
|
- Feel free to copy/use it for your own project.<br>
|
|
|
|
|
- Keep in mind that it took me several days/weeks, beers and asperines to make this.<br>
|
|
|
|
|
- So be nice, and give me some credit, I won't bite and it won't hurt you.<br>
|
|
|
|
|
- <br>
|
|
|
|
|
-Now that is said, I can explain what I've made.<br>
|
|
|
|
|
-First of all you need to understand the different parts of this project<br>
|
|
|
|
|
|
|
+# HvA project Implementation - 2015
|
|
|
|
|
|
|
|
-* SAS: Smart Authentication Server (JAVA Servlet)<br>
|
|
|
|
|
-* APS: Authentication Provider Service (LDAP directory)<br>
|
|
|
|
|
-* ARS: Authentication Request Server (VPN server and NPS with our extension DLL)<br>
|
|
|
|
|
-* APP: The android/ios app to enable the 2nd Authentication step<br>
|
|
|
|
|
-<br>
|
|
|
|
|
-A simple overview if the device is not registered in our APS:<br>
|
|
|
|
|
-> ARS send access request over RADIUS to NPS<br>
|
|
|
|
|
-> NPS extension receive access request<br>
|
|
|
|
|
-> NPS extension send authentication request to SAS<br>
|
|
|
|
|
-> SAS Authenticates the user via APS, APS returns NO userinfo<br>
|
|
|
|
|
-> SAS reply with code 2 (User needs device registration) and send sendmail request to APS<br>
|
|
|
|
|
-> APS sends email to user<br>
|
|
|
|
|
-> User follows instructions mail (Download from link and open from link)<br>
|
|
|
|
|
-> User logs in with device<br>
|
|
|
|
|
-> Device sends register request to SAS<br>
|
|
|
|
|
-> SAS forwards device registration request to APS<br>
|
|
|
|
|
-> APS registers device<br>
|
|
|
|
|
-> SAS sends result code to device<br>
|
|
|
|
|
-<br>
|
|
|
|
|
|
|
+Currently under development.
|
|
|
|
|
+This project implementation, for the University of Applied Sciences of Amsterdam/ Hogeschool van Amsterdam.
|
|
|
|
|
+
|
|
|
|
|
+- Feel free to copy/use it for your own project.
|
|
|
|
|
+- Keep in mind that it took me several days/weeks, beers and asperines to make this.
|
|
|
|
|
+- So be nice, and give me some credit, I won't bite and it won't hurt you.
|
|
|
|
|
+
|
|
|
|
|
+Now that is said, I can explain what I've made.
|
|
|
|
|
+First of all you need to understand the different parts of this project.
|
|
|
|
|
+There are 4 different parts
|
|
|
|
|
+- SAS: Smart Authentication Server (JAVA Servlet)
|
|
|
|
|
+- APS: Authentication Provider Service (LDAP directory)
|
|
|
|
|
+- ARS: Authentication Request Server (VPN server and NPS with our extension DLL)
|
|
|
|
|
+- APP: The android/ios app to enable the 2nd Authentication step
|
|
|
|
|
+
|
|
|
|
|
+Each part has its own folder in this repo. (Except for SAS and APS, same servlet).\
|
|
|
|
|
+There are 2 scenarios, 1 where the user has no device registered and 2 the case where there *is* a device registered.
|
|
|
|
|
+### Scenario 1
|
|
|
|
|
+A simple overview if the device is not registered in our APS:
|
|
|
|
|
+> ARS send access request over RADIUS to NPS\
|
|
|
|
|
+> NPS extension receive access request\
|
|
|
|
|
+> NPS extension send authentication request to SAS\
|
|
|
|
|
+> SAS Authenticates the user via APS, APS returns NO userinfo\
|
|
|
|
|
+> SAS reply with code 2 (User needs device registration) and send sendmail request to APS\
|
|
|
|
|
+> APS sends email to user\
|
|
|
|
|
+> User follows instructions mail (Download from link and open from link)\
|
|
|
|
|
+> User logs in with device\
|
|
|
|
|
+> Device sends register request to SAS\
|
|
|
|
|
+> SAS forwards device registration request to APS\
|
|
|
|
|
+> APS registers device\
|
|
|
|
|
+> SAS sends result code to device
|
|
|
|
|
+When this is done the user retry to login and will automaticly follow scenario 2
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+### Scenarion 2
|
|
|
When a device is already registered in our APS it goes as followed:
|
|
When a device is already registered in our APS it goes as followed:
|
|
|
-> ARS send access request over RADIUS to NPS<br>
|
|
|
|
|
-> NPS extension receive access request<br>
|
|
|
|
|
-> NPS extension send authentication request to SAS<br>
|
|
|
|
|
-> SAS Authenticates the user via APS, APS return userInfo<br>
|
|
|
|
|
-> SAS sends a PUSH notification to device<br>
|
|
|
|
|
-> Device access response (approved or cancelled) is send to SAS<br>
|
|
|
|
|
-> SAS replies to ARS with corresponding code<br>
|
|
|
|
|
-> ARS proccesses the request (code 0= accept/ code 1=reject)<br>
|
|
|
|
|
-<br>
|
|
|
|
|
-You can find all the SAS error codes in the errorCode.java class<br>
|
|
|
|
|
|
|
+> ARS send access request over RADIUS to NPS
|
|
|
|
|
+> NPS extension receive access request
|
|
|
|
|
+> NPS extension send authentication request to SAS
|
|
|
|
|
+> SAS Authenticates the user via APS, APS return userInfo
|
|
|
|
|
+> SAS sends a PUSH notification to device
|
|
|
|
|
+> Device access response (approved or cancelled) is send to SAS
|
|
|
|
|
+> SAS replies to ARS with corresponding code
|
|
|
|
|
+> ARS proccesses the request (code 0= accept/ code 1=reject)
|
|
|
|
|
+
|
|
|
|
|
+You can find all the SAS error codes in the ErrorCode.java class
|
Deben Oldert