API v2: External authentication
Data structures
Attribute | Type | Required | Description |
---|---|---|---|
id | string | yes | Read-only object identifier |
type | string {cerb, radius, ldap, ad} | yes | Immutable |
address | string | yes | |
port | number {from 1 to 65535} | yes | |
bindto | string | no | Bind address. Include labels like ‘fudo:label:test’ or IP address |
cerb | ExternalAuthentication-CerbModel | If type == cerb | Cerb object definition |
radius | ExternalAuthentication-RadiusModel | If type == radius | Radius object definition |
ldap | ExternalAuthentication-LdapModel | If type == ldap | LDAP object definition |
ad | ExternalAuthentication-AdModel | If type == ad | Active Directory object definition |
tls_enabled | boolean | no | Enable TLS protocol |
tls_certificate | string | If tls_enabled == true | |
second_factor_type | string {duo, oath, sms} | no | |
created_at | datetime | Read-only | |
modified_at | datetime | Read-only | |
removed | boolean | Read-only | |
ExternalAuthentication-CerbModel
Attribute | Type | Description |
---|---|---|
secret | string | Password to cerb provider; required; write-only |
radius_nasid | string | Correct value of NAS id of Cerb provider |
ExternalAuthentication-RadiusModel
Attribute | Type | Description |
---|---|---|
secret | string | Password to cerb provider; required; write-only |
radius_nasid | string | Correct value of NAS id of Radius provider |
ExternalAuthentication-LdapModel
Attribute | Type | Description |
---|---|---|
ldap_binddn | string | Bind domain to LDAP provider; required |
ExternalAuthentication-AdModel
Attribute | Type | Description |
---|---|---|
login | string | |
secret | string | Password to cerb provider; required; write-only |
ad_domain | string | Bind domain to AD provider; required |
Request for retrieving available attributes of the ExternalAuthenticationModel
Method | GET
Path | /api/v2/objspec/external_authentication
Note
To check allowed methods, available URL parameters and possible responses please refer to the API overview section.
The next chapter describes procedures for creating separate requests.
Refer to the Batch operations topic to create nested requests for operating on the External Authentication objects.
Retrieving external authentication methods list
Request
Method | GET
Path | /api/v2/external_authentication
Example request
Sending GET https://10.0.0.0/api/v2/external_authentication
Response
{
  "result": "success",
  "external_authentication": [
    {
      "id": "1234538875067072557",
      "type": "ad",
      "port": 636,
      "ad_domain": "jdoe.local",
      "created_at": "2021-08-09 19:40:05.171853+02",
      "modified_at": "2021-08-09 19:40:05.171853+02",
      "address": "10.0.139.100",
      "tls_enabled": true,
      "tls_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIFrTCCBJWgAwIBAg...ic=\r\n-----END CERTIFICATE-----\r\n"
    },
    {
      "id": "12345138875067072517",
      "type": "ldap",
      "port": 389,
      "ldap_binddn": "dc=qa-ldap,dc=null",
      "created_at": "2021-03-03 14:11:52.245683+01",
      "modified_at": "2021-03-03 14:14:46.052855+01",
      "address": "10.0.235.1",
      "tls_enabled": false,
      "tls_certificate": ""
    },
    {
      "id": "12345067072573",
      "type": "cerb",
      "port": 1812,
      "created_at": "2022-10-19 10:23:11.29545+02",
      "modified_at": "2022-10-19 10:58:12.325396+02",
      "address": "10.0.234.21",
      "radius_nasid": "",
      "tls_enabled": false,
      "tls_certificate": ""
    },
    {
      "id": "3234566775067072572",
      "type": "radius",
      "port": 1812,
      "created_at": "2022-10-19 10:08:23.160433+02",
      "modified_at": "2022-10-19 10:19:50.525671+02",
      "second_factor_type": "oath",
      "address": "10.0.0.1",
      "radius_nasid": "abcdeg",
      "tls_enabled": true,
      "tls_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIG5jC...2MOXV1x+eQAm0Vy\r\n-----END CERTIFICATE-----\r\n"
    }
  ]
}
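The following added example, which is not part of the original documentation, reviews a list response of the shape shown above against the data model: it flags objects with TLS disabled, `tls_enabled` set without a PEM certificate, or no `second_factor_type`. The finding names, the review policy (treating an absent `second_factor_type` as "no second factor") and the sample data are assumptions made for illustration.

```python
ALLOWED_TYPES = {"cerb", "radius", "ldap", "ad"}   # from the data model table
ALLOWED_SECOND_FACTORS = {"duo", "oath", "sms"}    # from the data model table

# Constructed sample in the shape of the list response; ids, addresses and
# the certificate text are placeholders, not values from a real system.
SAMPLE_RESPONSE = {
    "result": "success",
    "external_authentication": [
        {"id": "1001", "type": "ad", "port": 636, "address": "192.0.2.10",
         "tls_enabled": True, "second_factor_type": "sms",
         "tls_certificate": "-----BEGIN CERTIFICATE-----\r\nPLACEHOLDER\r\n-----END CERTIFICATE-----\r\n"},
        {"id": "1002", "type": "ldap", "port": 389, "address": "192.0.2.11",
         "tls_enabled": False, "tls_certificate": ""},
        {"id": "1003", "type": "radius", "port": 1812, "address": "192.0.2.12",
         "tls_enabled": True, "tls_certificate": "", "second_factor_type": "oath"},
    ],
}

def audit_entry(entry):
    """Return finding codes for one object (the review policy is an assumption)."""
    findings = []
    if entry.get("type") not in ALLOWED_TYPES:
        findings.append("unknown_type")
    port = entry.get("port")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append("bad_port")
    if not entry.get("tls_enabled", False):
        findings.append("tls_disabled")
    elif "BEGIN CERTIFICATE" not in (entry.get("tls_certificate") or ""):
        findings.append("tls_without_certificate")  # required when tls_enabled is true
    factor = entry.get("second_factor_type")
    if factor is None:
        findings.append("no_second_factor")
    elif factor not in ALLOWED_SECOND_FACTORS:
        findings.append("unknown_second_factor")
    return findings

def audit_response(response):
    """Map object id -> findings; objects without findings are omitted."""
    if response.get("result") != "success":
        raise ValueError("API call did not succeed: %r" % response.get("result"))
    audited = ((e.get("id", "<no id>"), audit_entry(e))
               for e in response.get("external_authentication", []))
    return {obj_id: found for obj_id, found in audited if found}

if __name__ == "__main__":
    for obj_id, found in audit_response(SAMPLE_RESPONSE).items():
        print(obj_id, ", ".join(found))
```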
Modifying external authentication method
Request
Method | PATCH
Path | /api/v2/external_authentication/<id>
Headers | Content-Type: Application/JSON
Body | ExternalAuthenticationModel
Example request: Adding SMS authentication for second factor to AD authentication
Sending PATCH https://10.0.0.0/api/v2/external_authentication/1234538875067072557
{"second_factor_type": "sms"}
Response
{ "result": "success"}
Creating an external authentication method
Request
Method | POST
Path | /api/v2/external_authentication
Headers | Content-Type: Application/JSON
Body | ExternalAuthenticationModel
Example request: Creating Cerb definition with second factor OATH authentication
Sending POST https://10.0.0.0/api/v2/external_authentication
{
  "type": "cerb",
  "port": 1812,
  "address": "10.0.234.21",
  "radius_nasid": "abcds",
  "secret": "my-password",
  "tls_enabled": false,
  "second_factor_type": "oath"
}
Response
{
  "result": "success",
  "external_authentication": {
    "id": "123456819172646913"
  }
}
Deleting an external authentication method
Request
Method | DELETE
Path | /api/v2/external_authentication/<id>