Manualshelf

MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (JP) Access Point
541542543544545546547548549550
C NOC authentication
Main benefits
Using a remote login page with NOC (network operations center) authentication provides you
with the following benefits:
The login page is completely customizable. You are not bound by the limits imposed by loading
a login page onto the controller.
Users can login to the public access interface without exposing their Web browsers to the SSL
certificate on the controller. This eliminates warning messages caused by having an SSL
certificate on the controller that is not signed by a well-known certificate authority.
If you want to support secure login with SSL, but have multiple controllers, using a remote
login page means you only need to purchase a single SSL certificate signed by a well-known
certificate authority, instead of one for each access point.
How it works
The NOC authentication feature provides a secure way of authenticating public access users, with
strong mutual authentication between the login application on the Web server hosting the remote
login page and the controller used for authenticating user logins. This occurs via the two
Colubris-AVPair value strings (ssl-noc-certificate and ssl-noc-ca-certificate), which define the locations
of two certificates. These certificates enable the controller to validate that the user login information
does indeed come from a trusted application. For example, from a login application on the Web
server.
The following diagram shows the sequence of events for a typical user session when using the
NOC-based authentication feature.
Unauthenticated user
attempts to browse a
Web site on the
protected network.
Web browser is redirected.
Request is intercepted.
Login application sends
login page.
User logs in.
User login info is
sent for authentication.
Login info is sent
to RADIUS server.
Login approved.
User configuration
settings are returned.
Login application sends
the Welcome page
with URL of originally
requested web site.
Login application initiates
an SSL connection with
the controller.
The login application's
SSL certificate is verified.
If valid, approves connection.
Login results message
is returned to the login
application.
.
RADIUS serverUser
Web server hosting
remote login page
Controller
Main benefits 549