Authentication methods

Conventions and symbols:

• url: fudo connection address,
• ->: fudopv request,
• <-: response from Fudo PAM,
• status: response status,
• FUDO: Fudo IP address,
• USER: username,
• SECRET: password (static/OTP),
• SESSIONID: session token,
• method: HTTP protocol method: GET/POST/PUT,
• {“key”: “value”}: JSON included in the request/response.

Static password

Static user password, stored in the secret.txt file.

• -> url: https://FUDO/api/portal/login

• -> method: POST

• -> {"username": "USER", "password": "SECRET"}

• <- status:

  • 200, OK
    • <- {"sessionid": "SESSIONID"}
  • 401, UNAUTHORIZED

  • <- Not applicable.

Token

One time password stored in the otp.txt file.

• -> url: https://FUDO/api/portal/login

• -> method: POST

• -> {"username": "USER", "otp": "SECRET"}

• <- status:

  • 200, OK
    • <- {"otp": NEW_SECRET, "sessionid": "SESSIONID"}
  • 401, UNAUTHORIZED

  • <- Not applicable.

After saving new password in the otp.txt, fudopv sends a confirmation message.

• -> url: https://FUDO/api/portal/confirm
• -> method: POST
• -> {"otp": "NEW_SECRET"}
• <- status: 204, NO CONTENT

Related topics:

• Compiling fudopv tool
• Deploying fudopv without compiling source files
• Using fudopv