Aradial User Management HTTP API Specification
©2008 Aradial This document contains proprietary and confidential information of Aradial and shall not be reproduced or transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior written consent of Aradial. It shall be returned to the Aradial upon request.
The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may not be used without permission. All other marks mentioned in this material are the property of their respective owners.
Document Information
Software Version: 3.8
Document Version: 1.3
Publication Date: September 2008
Contents
1. Introduction
   Document Purpose and Scope
2. Principles of the API
   HTTP Server
   HTTP Method
   URL Format
   Security
   The Page Parameter
   Query Mechanism
   Date and time formats
3. User Management API
   Create User
   Update User
   Delete User
   Get User List
   Get Single User
   Get User Online Sessions
   Get User Session History
4. Group management API
   Create a group
   Update Group
   Delete a group
   Get Group List
   Get a Single Group
5. Dynamic Authorization APIs
   Passive Disconnect a Session
   Radius Forwarder
   Disconnect Session
   Change of Authorization
   RADIUS User Request
   Disconnect User
1. Introduction
Document Purpose and Scope
This document describes the HTTP variant of the Aradial User Management API. This API is used to manage user profiles in the Aradial user database. The API provides CRUD (Create/Read/Update/Delete) operations for the user profile entity, and specifically it provides the following operations:
• Add a user
• Modify a user
• Delete a user
• Search for a user
• Get user online sessions
• Get user session history

The document includes the following chapters:
• Chapter 1 – Introduction
• Chapter 2 – Principles of the API
• Chapter 3 – Provides a detailed description of the User Management API
• Chapter 4 – Group management APIs
• Chapter 5 – Miscellaneous APIs
2. Principles of the API
HTTP Server
The API is implemented by the Aradial Admin web server. This is the same server that implements the Aradial Admin application, although a separate instance of the server can be deployed to serve the API.

HTTP Method
The API has the form of an HTTP request, with a POST or GET method. Except for the Add/Modify user operations, which must use the POST method, all other operations can use either POST or GET.

URL Format
The API request should use the following URL format:
http://{address of Aradial Admin}:{Port Of Aradial Admin}/Admin
Example:
http://localhost:8000/Admin

Security
All API requests must include authentication information, according to the HTTP basic authentication scheme. The authentication information must point to an Aradial user with the “API” administration rights, which is a special type of user role that is used for the user management API.
Example:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Note: The user name and password are base64 encoded; base64 is an encoding, not encryption.

NOTE: The Aradial default database does not contain any user with API admin rights. Therefore, before using the API, such a user must be created in the Aradial user database and used in all API invocations.
The Page Parameter
The page parameter is used in all the API operations and determines the type of operation performed by the request. Examples:
• In order to update user information, the page name is "UserEdit"
• In order to get user sessions, the page name is "UserSessions".
Query Mechanism
The User Management API provides a mechanism for performing complex queries. A complex query is described using one or more HTTP parameters as described below:

Name | Description
qdb_XXX | A parameter with the "qdb_" prefix describes an expression to be included in the "where" clause of the query SQL statement that will be performed on the Aradial database. The XXX is the field name for which the value is checked. The relational operation associated with the parameter is equality (Match for Strings), except if specified otherwise (see the op_XXX parameter). The field name may have one of the following formats:
• fieldname – No type is specified, considered to be string
• $fieldType$fieldName – The field type is specified, and may be one of the following:
  o S – String
  o N – An integer number
  o F – Floating point number
  o D – Date. The date format should be according to the "DateFormat" setting in the "Misc" configuration section, or "MM-DD-YY" if not specified.
  o T – Time of day, should be in "hh[:mm][:ss]" format
  o I – IP Address, should be in numeric format (xxx.yyy.zzz.aaa)
op_XXX | A parameter with the "op_" prefix describes the relational operation to do for a single qdb_ parameter. This parameter must be placed before the qdb_XXX parameter to which it relates. The operator should be one of the following: ">", "<" and "=".
qdb_clause | This parameter is a simple expression that is added to the "where" part of the SQL select statement.
Query Samples

Sample 1
Query Parameters:
qdb_Users.UserId=a%
Resulting where clause:
Where Users.UserId = 'a%'

Sample 2
Query Parameters:
op_$N$Users.TimeBank=>
qdb_$N$Users.TimeBank=20
op_$N$Users.TimeBank=<
qdb_$N$Users.TimeBank=50
Resulting where clause:
Where Users.TimeBank > 20 and Users.TimeBank < 50

Sample 3
Query Parameters:
op_$N$Users.TimeBank=>
qdb_$N$Users.TimeBank=20
op_$N$Users.TimeBank=<
qdb_$N$Users.TimeBank=50
qdb_Clause=Users.GroupName in ("Group1", "Group2", "Group3")
Resulting where clause:
Where Users.TimeBank > 20 and Users.TimeBank < 50 And Users.GroupName in ("Group1", "Group2", "Group3")
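Because each qdb_ value becomes part of a SQL where clause on the server, a client that takes filter values from outside should validate them before building the request. The following Python helper is an added example, not part of the Aradial specification; it emits op_ before its qdb_ parameter as required above and builds qdb_clause only from validated group names. The allow-list, the character policies and the function names are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlencode

# Assumption: the columns this client may filter on. The specification allows
# any Users/UserDetails column; the allow-list is a policy added by this example.
ALLOWED_FIELDS = {"Users.UserId", "Users.TimeBank", "Users.GroupName", "Users.UserIP"}
OPERATORS = {">", "<", "="}                       # operators listed for op_XXX
_INT = re.compile(r"-?\d+\Z")
_FLOAT = re.compile(r"-?\d+(\.\d+)?\Z")
_SAFE_TEXT = re.compile(r"[A-Za-z0-9_.@ %-]+\Z")  # assumption: conservative string policy ("%" kept for "a%")
_GROUP_NAME = re.compile(r"[A-Za-z0-9_-]+\Z")     # assumption: characters allowed in group names


def _normalise(field_type, value):
    """Return the value as text, or raise ValueError if it does not fit the field type."""
    text = str(value)
    if field_type == "N" and _INT.match(text):
        return text
    if field_type == "F" and _FLOAT.match(text):
        return text
    if field_type == "I":
        return str(ipaddress.IPv4Address(text))   # raises a ValueError subclass on bad input
    if field_type == "S" and _SAFE_TEXT.match(text):
        return text
    raise ValueError(f"value {text!r} is not valid for field type {field_type!r}")


def condition(field, value, op="=", field_type="S"):
    """Return the (name, value) pairs for one comparison, op_ first."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"field {field!r} is not on the allow-list")
    if op not in OPERATORS:
        raise ValueError(f"operator {op!r} is not supported")
    text = _normalise(field_type, value)
    # Untyped field names are treated as strings, so "S" needs no $S$ prefix.
    name = field if field_type == "S" else f"${field_type}${field}"
    pairs = []
    if op != "=":                                 # equality is the default relation
        pairs.append((f"op_{name}", op))
    pairs.append((f"qdb_{name}", text))
    return pairs


def group_in_clause(groups):
    """Build a qdb_clause value from validated group names only."""
    if not groups:
        raise ValueError("at least one group name is required")
    for group in groups:
        if not _GROUP_NAME.match(group):
            raise ValueError(f"group name {group!r} contains unexpected characters")
    quoted = ", ".join(f'"{group}"' for group in groups)
    return f"Users.GroupName in ({quoted})"


def build_query(page, conditions, clause=None):
    """Return the URL-encoded parameter string; parameter order is preserved."""
    pairs = [("Page", page)]
    for pair_list in conditions:
        pairs.extend(pair_list)
    if clause is not None:
        pairs.append(("qdb_clause", clause))      # name as given in the parameter table
    return urlencode(pairs)


if __name__ == "__main__":
    # Sample 3 from the text, rebuilt from typed and validated inputs.
    print(build_query(
        "UserHit",
        [condition("Users.TimeBank", 20, ">", "N"),
         condition("Users.TimeBank", 50, "<", "N")],
        clause=group_in_clause(["Group1", "Group2", "Group3"]),
    ))
```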
Date and time formats
All date fields ($D$) can be sent either by the Date Format derived from the configuration settings format (not recommended), or by the following format:

For Date:
DYYYY-MM-DD

For Date Time:
TYYYY-MM-DD hh:mm:ss
3. User Management API
This chapter provides detailed description of the User Management API operations. The parameters of each operation may have one of the following types:
• M – Mandatory
• O – Optional
• C – Conditional. The parameter may be mandatory or not, depending on some condition, which is specified in the parameter description.
• OV – Optional for VOIP module only
Create User
Description
Add a user profile to the Aradial user profile database.

Http Method
Must be POST.

Parameters
Name | Description | Type
Page | Selects the Create User operation. Must be “UserEdit”. | M
Add | Indicates that this is an add operation. Must have a value of “1”. | M
Db_Users.UserId | The user name for the new user. | M
Password | The plain password of the new user. This parameter is mandatory if Aradial is configured to store passwords locally. Otherwise it is not used. | C
PasswordEncryptionType | If this option exists with a non-empty value, it is assumed that the "Password" field is already encrypted according to the numeric value as below: 0 - Plain password. 1 - Sha encrypted password. 2 - Unix Crypt (By DES) encryption password. 5 - Unix Crypt (By MD5) encryption password. 7 – Plain MD5 hash in hexadecimal form | O
AcceptPassword | When specified, allows the password score to be lower than the password warning score. This parameter is used to skip the password scoring mechanism. | O
db_$N$Users.PasswordSource | Indicate the source of the password: 0 – According to the group, 1 – From the Aradial user entity record, 2 - Operation system, 3 - LDAP database, 4 – Secure ID. | O
db_$N$Users.UserActive | A flag indicating whether the user is active (0 – Not Active, 1 – Active) | O
db_$D$Users.StartDate | The user’s start date. | O
db_$D$Users.UserExpiryDate | The user’s expiration date | O
db_$RS$Users.GroupName | The user group name | M
db_$N$UserDetails.AdminType | The user administration privilege type | O
db_Users.CallerID | The user caller ID | O
db_Users.CallBackNumber | The user call back number | O
db_$N$Users.UserService | The user service number. Note that the parameter must contain the number of the service, as defined in the Aradial NasCfgDbd configuration file. | O
db_$F$Users.KBBank | The initial KB Bank value to set for the user (bytes) | O
db_$N$Users.UseKBBank | A flag to indicate whether the KB bank is used or not (1 = Yes, 0 = No) | O
db_$N$Users.TimeBank | The initial time bank value to set for the user (In seconds) | O
db_$N$Users.UseTimeBank | A flag to indicate whether the time bank is used or not (1 = Yes, 0 = No) | O
RelativeExpirationTime | The time of the expiration time relative to now | O
db_$F$Users.Balance | The initial monetary balance to set for the user | OV
db_Users.TariffID | The ID of the Tariff associated with the user. The Tariff defines the rating plan used for the user | OV
db_$I$Users.UserIP | The remote IP of the user. | O
db_Users.FilterName | The filter name. | O
db_Users.NASAttributes | User level parameters used for personalized authorization definitions. | O
db_UserDetails.FirstName | The user first name | O
db_UserDetails.LastName | The user last name | O
db_UserDetails.Company | The user company | O
db_UserDetails.Email | The user email | O
db_UserDetails.Address1 | The user address (Line 1) | O
db_UserDetails.Address2 | The user address (Line 2) | O
db_UserDetails.City | The user city | O
db_$GS$UserDetails.State | The user state | O
db_$GS$UserDetails.Country | The user country | O
db_UserDetails.Zip | The user Zip | O
db_UserDetails.PhoneHome | The user home phone number. | O
db_UserDetails.PhoneFax | The user Fax number | O
db_UserDetails.CustomInfo1 | Custom information | O
db_UserDetails.CustomInfo2 | Custom information | O
db_UserDetails.CustomInfo3 | Custom information | O
db_UserDetails.CustomInfo4 | Custom information | O
db_UserDetails.Comments | Comments | O
Return Result
Success Result
Following is the format of a success result:
<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="added" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Add a user with a user name of "joe", password "1234", GroupName="Analog" and a Service of PPP (number 1). For the example, it is assumed that there is a user with name "API", that has "API" rights, and a password of "1111". The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Add=1
Db_Users.UserId=Joe
Password=1234
db_$RS$Users.GroupName=Analog
db_$N$Users.UserActive=1
db_$N$Users.UserService=1

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="joe" />
</Result>

Update User

Description
Update a user profile in the Aradial user profile database.

Http Method
Must be POST.

Parameters
Name | Description | Type
Page | Selects the Update User operation. Must be “UserEdit”. | M
Modify | Indicates that this is an update operation. Must have a value of “1”. | M
UserId | The user name of the user to update. | M
Password | The plain password of the new user. | O
PasswordEncryptionType | If this option exists with a non-empty value, it is assumed that the "Password" field is already encrypted according to the numeric value as below: 0 - Plain password. 1 - Sha encrypted password. 2 - Unix Crypt (By DES) encryption password. 5 - Unix Crypt (By MD5) encryption password. 7 – Plain MD5 hash in hexadecimal form | O
AcceptPassword | When specified, allows the password score to be lower than the password warning score. This parameter is used to skip the password scoring mechanism. | O
db_$N$Users.PasswordSource | Indicate the source of the password: 0 – According to the group, 1 – From the Aradial user entity record, 2 - Operation system, 3 - LDAP database, 4 – Secure ID. | O
db_$N$Users.UserActive | A flag indicating whether the user is active (0 – Not Active, 1 – Active) | O
db_$D$Users.StartDate | The user start date. | O
db_$D$Users.UserExpiryDate | The user expiration date | O
db_$RS$Users.GroupName | The user group name | O
db_$N$UserDetails.AdminType | The user administration privilege type | O
db_Users.CallerID | The user caller ID | O
db_Users.CallBackNumber | The user call back number | O
db_$N$Users.UserService | The user service number. Note that the parameter must contain the number of the service, as defined in the Aradial NasCfgDbd configuration file. | O
db_$I$Users.UserIP | The remote IP of the user. | O
db_Users.FilterName | The filter name. | O
db_$F$Users.KBBank | An absolute KB Bank value to set for the user (bytes) | O
db_$FI$Users.KBBank | An incremental KB Bank to add to the user (Instead of the previous option) | O
db_$N$Users.TimeBank | An absolute time bank to set for the user (In seconds) | O
db_$NI$Users.TimeBank | An incremental time bank to add for the user (In seconds) (Instead of the previous option) | O
RelativeExpirationTime | Cause to either add the value to the expiration time, or relative to now in case the expiration time is NULL. (In seconds) | O
db_$F$Users.Balance | An absolute monetary balance to give for the user | OV
db_$FI$Users.Balance | An incremental monetary balance to add for the user (Instead of the previous option) | OV
db_Users.NASAttributes | User level parameters used for personalized authorization definitions. | O
db_UserDetails.FirstName | The user first name | O
db_UserDetails.LastName | The user last name | O
db_UserDetails.Company | The user company | O
db_UserDetails.Email | The user email | O
db_UserDetails.Address1 | The user address (Line 1) | O
db_UserDetails.Address2 | The user address (Line 2) | O
db_UserDetails.City | The user city | O
db_$GS$UserDetails.State | The user state | O
db_$GS$UserDetails.Country | The user country | O
db_UserDetails.Zip | The user Zip | O
db_UserDetails.PhoneHome | The user home phone number. | O
db_UserDetails.PhoneFax | The user Fax number | O
db_UserDetails.CustomInfo1 | Custom information | O
db_UserDetails.CustomInfo2 | Custom information | O
db_UserDetails.CustomInfo3 | Custom information | O
db_UserDetails.CustomInfo4 | Custom information | O
db_UserDetails.Comments | Comments | O
UserLockout | This parameter is used to Lock or Unlock a user: 1 – Lock, 0 - Unlock | O
Return Result
Success Result
Following is the format of a success result:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="updated" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Modify user service
Modify the service of the user “joe” to Rlogin (number 7 according to NasCfgDbs). The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserService=1

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 2 – Locking a user
Locking the user Joe
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
UserLockout=1

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 3 – Unlocking a user
Unlocking the user Joe
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
UserLockout=0

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 4 – Activating a user
Make the user joe active
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserActive=1

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 5 – Disabling a user
Disable the user joe.
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserActive=0

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 6 – Change user group
Change the group of user "joe" to "Wifi"
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:
Page=UserEdit
Modify=1
UserId=Joe
db_$RS$Users.GroupName=Wifi

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>
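A request builder for the Create User and Update User calls above, as an added Python example that is not Aradial code: it always uses POST, checks the mandatory parameters of each operation (Db_Users.UserId for Add, UserId for Modify) and sets the Basic authentication header. The function names and the rule that plain http is accepted only for loopback addresses are assumptions of this example.

```python
import base64
import ipaddress
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Mandatory parameter names per operation, taken from the parameter tables above.
MANDATORY = {
    "Add": ("Db_Users.UserId", "db_$RS$Users.GroupName"),
    "Modify": ("UserId",),
}


def _is_loopback(host):
    """True for 'localhost' and for literal loopback IP addresses."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def build_user_edit_request(url, api_user, api_password, operation, params):
    """Return a urllib Request for Create User ("Add") or Update User ("Modify")."""
    if operation not in MANDATORY:
        raise ValueError("operation must be 'Add' or 'Modify'")
    missing = [name for name in MANDATORY[operation] if not params.get(name)]
    if missing:
        raise ValueError("missing mandatory parameter(s): " + ", ".join(missing))

    parts = urlsplit(url)
    # Policy of this example (assumption): the Basic credentials and the
    # Password parameter are readable on the wire over plain http, so http is
    # accepted only when the server is on a loopback address.
    if parts.scheme != "https" and not _is_loopback(parts.hostname or ""):
        raise ValueError("refusing to send credentials over plain http to a remote host")

    # Parameters travel in the POST body, not in the URL.
    fields = [("Page", "UserEdit"), (operation, "1")] + list(params.items())
    body = urlencode(fields).encode("ascii")

    token = base64.b64encode(f"{api_user}:{api_password}".encode("utf-8")).decode("ascii")
    request = Request(url, data=body, method="POST")
    request.add_header("Authorization", f"Basic {token}")
    request.add_header("Content-Type", "application/x-www-form-urlencoded")
    return request


if __name__ == "__main__":
    # The Create User example from the text; the request is built, not sent.
    req = build_user_edit_request(
        "http://localhost:8000/Admin", "API", "1111", "Add",
        {"Db_Users.UserId": "Joe", "Password": "1234",
         "db_$RS$Users.GroupName": "Analog",
         "db_$N$Users.UserActive": "1", "db_$N$Users.UserService": "1"},
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))
```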
Delete User
Description
Delete one or more users from the Aradial user database.

Http Method
Get or POST.

Parameters
Name | Description | Type
Page | Selects the Update User operation. Must be “UserEdit”. | M
ConfirmDelete | Indicates that this is a delete operation. Must have a value of “1”. | M
$Delete${UserId} | The parameter name contains the user name of the user to delete as a suffix. The parameter value should be “1”. Multiple such parameters can be used in order to delete multiple users. Example: $Delete$joe | M

Return Result
Success Result
Following is the format of a success result:
<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="deleted" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Delete the user “joe”. The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:
Page=UserEdit
ConfirmDelete=1
$Delete$Joe=1

The expected return result is:
<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="User" name="joe" />
</Result>
Get User List
Description
Fetch a list of users according to some criterion. The query is defined using the query mechanism (see Query Mechanism for details) and may include any column from the Users and UserDetails Aradial database tables.

Http Method
Get.

Parameters
Name | Description | Type
Page | Selects the get user list operation. Must be “UserHit”. | M
RowNumber | The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page). | O
OnePage | Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17. | O
qdb_XXX | See the Query Mechanism for details. | O
op_xxx | See the Query Mechanism for details. | O
qdb_clause | See the Query Mechanism for details. | O

Return Result
Success Result
Following is the format of a success result:
<Users>
  <TR>
    <TD fieldName="Users.UserId">{User1-Id}</TD>
    <TD fieldName="Users.PasswordSource">{User1-PasswordSource}</TD>
    <TD fieldName="Users.Password">{User1-Password}</TD>
    .
    .
  </TR>
  .
  .
  <TR>
    <TD fieldName="Users.UserId">{UserN-Id}</TD>
    <TD fieldName="Users.PasswordSource">{UserN-PasswordSource}</TD>
    <TD fieldName="Users.Password">{UserN-Password}</TD>
    .
    .
  </TR>
</Users>
The result contains a set of <TR>…</TR> elements, one for each user in the result set. Each such element contains all the fields of the user from the Users and UserDetails tables.

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Fetch all users with a username that begins with an “a”. The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:
Page=UserHit
qdb_Users.UserId=a%

The expected return result is:
<Users>
  <TR>
    <TD fieldName="Users.UserId">abraham</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> password123</TD>
    <TD fieldName="Users.GroupName">Analog</TD>
    .
    .
  </TR>
  .
  .
  <TR>
    <TD fieldName="Users.UserId">arnold12</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> schwartzeneger</TD>
    <TD fieldName="Users.GroupName">Wifi</TD>
    .
    .
  </TR>
</Users>
Get Single User
Description
Fetch a single user based on the user name of the user. This method is used for simple retrieval of users based on user name, while the Get User List may be used for more complex queries involving multiple users.

Http Method
Get.

Parameters
Name | Description | Type
Page | Selects the get user details operation. Must be “UserEdit”. | M
UserId | The user name of the user to fetch. | M

Return Result
Success Result
Following is the format of a success result:
<User>
  <TD fieldName="Users.UserId">{User-Id}</TD>
  <TD fieldName="Users.PasswordSource">{User-PasswordSource}</TD>
  <TD fieldName="Users.Password">{User-Password}</TD>
  <TD fieldName="Users.GroupName">{User-GroupName}</TD>
  .
  .
</User>
The result contains a set of <TD>…</TD> elements, one for each column of the user from the Users and UserDetails tables.

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Fetch the user “joe”. The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:
Page=UserEdit
UserId=joe

The expected return result is:
<User>
  <TD fieldName="Users.UserId">joe</TD>
  <TD fieldName="Users.PasswordSource">0</TD>
  <TD fieldName="Users.Password"> password666</TD>
  <TD fieldName="Users.GroupName">Analog</TD>
  .
  .
  <TD fieldName="UserDetails.FirstName">Joe</TD>
  <TD fieldName="UserDetails.LastName">Bent</TD>
  .
  .
</User>
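The <Result>, <Users> and <User> responses above can be read with a small client-side parser; the following Python code is an added example, not part of the Aradial specification, and its function names and constructed sample documents are assumptions. It turns a failure <Result> into an exception and masks Users.Password, which the user queries return, before a record is logged.

```python
import xml.etree.ElementTree as ET

SENSITIVE_FIELDS = {"users.password"}   # compared case-insensitively


class AradialError(Exception):
    """The server answered with <Status value="Error" />."""


def _load(xml_text):
    # The documented responses carry no DTD; refuse one instead of parsing it.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("unexpected DTD in API response")
    return ET.fromstring(xml_text.strip())


def _attr(root, tag, name):
    node = root.find(tag)
    return node.get(name, "") if node is not None else ""


def _check(root):
    """Return the operation summary of a <Result>, or raise AradialError."""
    if _attr(root, "Status", "value") != "Success":
        raise AradialError(_attr(root, "Reason", "value") or "unknown error")
    return {
        "operation": _attr(root, "Operation", "type"),
        "entity_type": _attr(root, "Entity", "type"),
        "entity_name": _attr(root, "Entity", "name"),
    }


def parse_result(xml_text):
    """Parse the <Result> returned by the add, update and delete operations."""
    root = _load(xml_text)
    if root.tag != "Result":
        raise ValueError(f"expected <Result>, got <{root.tag}>")
    return _check(root)


def _record(node):
    # One dict per record: fieldName attribute -> text, surrounding whitespace removed.
    return {td.get("fieldName", ""): (td.text or "").strip() for td in node.findall("TD")}


def parse_records(xml_text):
    """Return one dict per record from a <User> or a <TR>-based list response."""
    root = _load(xml_text)
    if root.tag == "Result":             # queries report failures as a <Result>
        _check(root)
        return []
    if root.tag == "User":               # Get Single User: <TD> directly under the root
        return [_record(root)]
    return [_record(tr) for tr in root.findall("TR")]


def redact(record):
    """Copy of a record that is safe to log: password fields are masked."""
    return {key: ("<redacted>" if key.casefold() in SENSITIVE_FIELDS else value)
            for key, value in record.items()}


# Constructed sample documents that follow the formats shown above.
SAMPLE_USERS = """
<Users>
  <TR>
    <TD fieldName="Users.UserId">abraham</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> example-secret-1</TD>
    <TD fieldName="Users.GroupName">Analog</TD>
  </TR>
  <TR>
    <TD fieldName="Users.UserId">arnold12</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> example-secret-2</TD>
    <TD fieldName="Users.GroupName">Wifi</TD>
  </TR>
</Users>
"""
SAMPLE_ERROR = ('<Result><Status value="Error" /><Operation type="" />'
                '<Reason value="constructed reason" /></Result>')

if __name__ == "__main__":
    for user in parse_records(SAMPLE_USERS):
        print(redact(user))
    try:
        parse_records(SAMPLE_ERROR)
    except AradialError as exc:
        print("API error:", exc)
```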
Get User Online Sessions
Description
Fetch the list of the current online (active) sessions. Note that either the entire list of active sessions or the active sessions for a specific user are fetched.

Http Method
Get.

Parameters
Name | Description | Type
Page | Selects the get user online sessions operation. Must be “Sessions”. | M
UserId | Fetch the active sessions for a specific user name. | O
SortBy | Selects the sort order for the sessions. Valid values: NAS Name, Online Since, Time Online, User | O
Ascending | Selects the sort direction of the result. Valid values are: Ascending (default), Descending. | O
RowNumber | The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page). | O
OnePage | Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17. | O

Return Result
Success Result
Following is the format of a success result:
<Sessions>
  <TR>
    <TD fieldName="UserId">{Session1-UserId}</TD>
    <TD fieldName="NasIndex">{Nas Index}</TD>
    <TD fieldName="NasID">{Nas ID}</TD>
    <TD fieldName="NASName">{Session1-NASName}</TD>
    <TD fieldName="NASPort">{Session1-NASPort}</TD>
    <TD fieldName="AcctSessionID">{Accounting Session ID}</TD>
    <TD fieldName="UserIndex">{The User index}</TD>
    <TD fieldName="GroupIndex">{The Group index}</TD>
    <TD fieldName="Service">{The Service}</TD>
    <TD fieldName="UserIP">{The User IP}</TD>
    <TD fieldName="StartTime">{Session1-StartTime}</TD>
    <TD fieldName="SessionTime">{Session1-SessionTime}</TD>
  </TR>
  .
  .
</Sessions>
The result contains a set of <TR>…</TR> elements, one for each session in the result set.

Failure Result
Following is the format of a failure result:
<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Fetch all active sessions for the user DemoUser1. The following HTTP request will be used:
HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:
Page=Sessions
UserId=DemoUser1

The expected return result is:
<Sessions>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASIndex">1</TD>
    <TD fieldName="NASID">127.0.0.1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">0</TD>
    <TD fieldName="AcctSessionId">180412</TD>
    <TD fieldName="UserIndex">1</TD>
    <TD fieldName="GroupIndex">4</TD>
    <TD fieldName="Service">WLAN-AP</TD>
    <TD fieldName="UserIP"></TD>
    <TD fieldName="StartTime">Sun 11:57</TD>
    <TD fieldName="SessionTime">01:15:19</TD>
  </TR>
</Sessions>
Get User Session History
Description Fetch a list of past sessions for a given user. The query is defined using the query mechanism (see Query Mechanism for details). The query may include any column from the AccountingLog, Users and UserDetails tables.
Http Method Get.
Parameters Name Description Type Page Selects the get user session history operation.
Must be “UserSessions”. M
RowNumber The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page).
O
OnePage Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17.
O
qdb_XXX See the Query Mechanism for details. O op_xxx See the Query Mechanism for details. O qdb_clause See the Query Mechanism for details. O
Return Result

Success Result
Following is the format of a success result:

<UserSessions>
  <TR>
    <TD fieldName="UserId">{Session1-UserId}</TD>
    <TD fieldName="NASName">{Session1-NASName}</TD>
    <TD fieldName="NASPort">{Session1-NASPort}</TD>
    <TD fieldName="InTime">{Session1-InTime}</TD>
    <TD fieldName="Service">{Session1-Service}</TD>
    <TD fieldName="CallerId">{Session1-CallerId}</TD>
    <TD fieldName="AcctOutputOctets">{Session1-OutputOctets}</TD>
    <TD fieldName="AcctInputOctets">{Session1-InputOctets}</TD>
    <TD fieldName="FramedAddress">{Session1-FramedAddress}</TD>
  </TR>
  .
  .
</UserSessions>

The result contains a set of <TR>…</TR> elements, one for each session in the result set.

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Fetch all sessions for DemoUser1 between the dates 1-1-2005 and 1-31-2005. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=UserSessions
qdb_Users.UserId=DemoUser1
op_$D$AcctDate=>
qdb_$D$AcctDate=1/1/2005
op_$D$AcctDate=<
qdb_$D$AcctDate=1/31/2005

The expected return result is:

<UserSessions>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">1</TD>
    <TD fieldName="InTime">01/07/05 20:46:41 </TD>
    <TD fieldName="Service">PPP</TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="AcctOutputOctets">0</TD>
    <TD fieldName="AcctInputOctets">0</TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">1</TD>
    <TD fieldName="InTime">01/14/05 19:14:41 </TD>
    <TD fieldName="Service">PPP</TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="AcctOutputOctets">0</TD>
    <TD fieldName="AcctInputOctets">0</TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
</UserSessions>
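The session query above, worked through as an added example (not Aradial's code): it builds the request with the repeated op_/qdb_ date parameters kept in order and percent-encoded, and turns the <TR>/<TD> reply into records. The names build_sessions_query, parse_sessions and AradialError are hypothetical, and the code assumes the server URL-decodes parameter names and values in the standard way.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

BASE_URL = "http://localhost:8000/Admin"  # URL used in the page's example


class AradialError(Exception):
    """The server answered with a <Result> failure document."""


def build_sessions_query(user_id, start, end):
    """Build the GET URL for the date-range session query.

    op_$D$AcctDate / qdb_$D$AcctDate occur twice (lower and upper bound), so
    the parameters are an ordered list of pairs: a dict would keep only the
    last bound and the query would quietly return a wider result set.
    """
    pairs = [
        ("Page", "UserSessions"),
        ("qdb_Users.UserId", user_id),
        ("op_$D$AcctDate", ">"),
        ("qdb_$D$AcctDate", start),
        ("op_$D$AcctDate", "<"),
        ("qdb_$D$AcctDate", end),
    ]
    # Percent-encode '$', '<', '>', '/' and any '&' or '=' in a caller-supplied
    # value, so a value cannot add or override a parameter. Assumption: the
    # server URL-decodes names and values in the standard way.
    return BASE_URL + "?" + urlencode(pairs)


def parse_sessions(xml_text):
    """Return one dict per <TR>, keyed by the fieldName of each <TD>."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in response; the documented replies have none")
    root = ET.fromstring(xml_text)
    if root.tag == "Result":  # failure format: <Reason value="..." />
        reason = root.find("Reason")
        raise AradialError(reason.get("value", "") if reason is not None else "")
    if root.tag != "UserSessions":
        raise ValueError("unexpected root element: " + root.tag)
    return [
        {(td.get("fieldName") or "").strip(): (td.text or "").strip()
         for td in tr.findall("TD")}
        for tr in root.findall("TR")
    ]


# First row of the page's expected result, plus a constructed failure reply.
SAMPLE_OK = """<UserSessions><TR>
<TD fieldName="UserId">DemoUser1</TD> <TD fieldName="NASName">NasSim</TD>
<TD fieldName="NASPort">1</TD> <TD fieldName="InTime">01/07/05 20:46:41 </TD>
<TD fieldName="Service">PPP</TD> <TD fieldName="CallerId"></TD>
<TD fieldName="AcctOutputOctets">0</TD> <TD fieldName="AcctInputOctets">0</TD>
<TD fieldName="FramedAddress">255.255.255.254</TD>
</TR></UserSessions>"""
SAMPLE_FAIL = ('<Result><Status value="Error" /><Operation type="" />'
               '<Reason value="constructed reason" /></Result>')

if __name__ == "__main__":
    print(build_sessions_query("DemoUser1", "1/1/2005", "1/31/2005"))
    print(parse_sessions(SAMPLE_OK))
```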
4. Group management API
Create a group
Description Create a new group in the Aradial database.
Http Method Must be POST.
Parameters

Name | Description | Type
Page | Selects the Create Group operation. Must be “GroupEdit”. | M
Add | Indicates that this is an add operation. Must have a value of “1”. | M
db_$RS$GroupName | The Group name. | M
db_$N$IsSubGroup | Indicates whether it is a SubGroup: 1 - SubGroup, 0 - Group. | M
db_$N$NASIndex | The NAS Index; should be 0 if not a SubGroup. | O
db_$N$Active | Indicates whether the group is Active (1 - Active, 0 - Not Active). | O
db_$N$Service | The default service ID that is associated with this group. | O
db_$N$EnableCallback | A flag indicating whether to enable callback (1 – Enable, 0 – Disabled). | O
db_IPPool | The list of IP Pools that are used by this group. | O
db_$N$MultiSessionAsMultiLnk | Indicates whether to treat multi session as multilink (1 – Enable, 0 – Disabled). | O
db_$RN$PasswordSource | The Password source: 0 - According to default settings; 1 - Aradial users database; 2 - From OS; 3 - From LDAP database; 4 - From a Secure ID device; 5 - No Password. | O
db_$N$AutoAddOnFirstConnect | Determines whether to AutoAdd the users on 1st connect (1 – Enable, 0 – Disabled). | O
db_$I$RemoteIP | The remote IP of the user. | O
db_FilterName | The filter name. | O
db_CallerIDTemplate | The CallerID template. | O
db_NASAttributes | Group level parameters used for personalized authorization definitions. | O
db_$N$MaxTotGroupSess | The maximum number of sessions for this group (0 – No Limit). | O
db_$N$MaxSameUserSess | The maximum number of sessions for each user in this group (0 – No Limit). | O
db_$N$NoAccessBySesLimit | A flag to determine whether to apply the session limit setting (1 = Yes, 0 = No). | O
db_$F$SessionLimit | The session limit in seconds. | O
db_$F$IdleTime | The session idle time. | O
db_$N$BusinessEntityIndex | The index of a business entity that is related to this group. | OV
db_$RN$AutoExpirePolicy | The AutoExpire Policy: 0 - None; 1 - Minutes; 2 - Hours; 3 - Days. | O
db_$N$AutoExpireTime | The AutoExpire time (According to Policy). | O
db_$D$AcctStartDate | The start date to accept this group. | O
db_$D$AcctExpireDate | The end date to accept this group. | O
db_AfterAddUserCommand | An operation to do when adding a user to this group. | O
db_$N$BlackList | The Black List Id. | O
db_$N$WhiteList | The White List Id. | O
db_OnUpdateCommand | An operation to do when updating a user from this group. | O
db_AfterDelUserCommand | An operation to do when deleting a user from this group. | O
db_OnPasswordChangeCommand | An operation to do when changing a password of a user in this group. | O
db_OnDeActiveCommand | An operation to do when deactivating a user in this group. | O
db_OnReActiveCommand | An operation to do when reactivating a user in this group. | O
Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="{GroupName}" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="added" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Create a group
Add a group with the name "Series1" that has Service of PPP (number 1) and limit the maximum user sessions to 1. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Add=1
db_$RS$GroupName=Series1
db_$N$IsSubGroup=0
db_$N$Active=1
db_$N$Service=1
db_$N$MaxSameUserSess=1
db_$N$MaxTotGroupSess=0

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="Group" name="Series1" />
</Result>

Example – Create a sub group
Add a sub group to Series1 for NASIndex 1. For that NAS, allow users to log in twice. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Add=1
db_$RS$GroupName=Series1
db_$N$NASIndex=1
db_$N$Active=1
db_$N$Users.UserService=1
db_$N$MaxSameUserSess=2

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="Group" name="Series1" />
</Result>
Update Group
Description Update a group in the Aradial database.
Http Method Must be POST.
Parameters

Name | Description | Type
Page | Selects the Update Group operation. Must be “GroupEdit”. | M
Modify | Indicates that this is an update operation. Must have a value of “1”. | M
GroupName | The original Group name. | M
NASIndex | The original NAS Index. | O
db_$RS$GroupName | The Group name. | O
db_$N$IsSubGroup | Indicates whether it is a SubGroup: 1 - SubGroup, 0 - Group. | O
db_$N$NASIndex | The updated NAS Index; should be 0 if not a SubGroup. | O
db_$N$Active | Indicates whether the group is Active (1 - Active, 0 - Not Active). | O
db_$N$Service | The default service ID that is associated with this group. | O
db_$N$EnableCallback | A flag indicating whether to enable callback (1 – Enable, 0 – Disabled). | O
db_IPPool | The list of IP Pools that are used by this group. | O
db_$N$MultiSessionAsMultiLnk | Indicates whether to treat multi session as multilink (1 – Enable, 0 – Disabled). | O
db_$RN$PasswordSource | The Password source: 0 - According to default settings; 1 - Aradial users database; 2 - From OS; 3 - From LDAP database; 4 - From a Secure ID device; 5 - No Password. | O
db_$N$AutoAddOnFirstConnect | Determines whether to Auto Add the users on 1st connect (1 – Enable, 0 – Disabled). | O
db_$I$RemoteIP | The remote IP of the user. | O
db_FilterName | The filter name. | O
db_CallerIDTemplate | The CallerID template. | O
db_NASAttributes | Group level parameters used for personalized authorization definitions. | O
db_$N$MaxTotGroupSess | The maximum number of sessions for this group (0 – No Limit). | O
db_$N$MaxSameUserSess | The maximum number of sessions for each user in this group (0 – No Limit). | O
db_$N$NoAccessBySesLimit | A flag to determine whether to apply the session limit setting (1 = Yes, 0 = No). | O
db_$F$SessionLimit | The session limit in seconds. | O
db_$F$IdleTime | The session idle time. | O
db_$N$BusinessEntityIndex | The index of a business entity that is related to this group. | OV
db_$RN$AutoExpirePolicy | The Auto Expire Policy: 0 - None; 1 - Minutes; 2 - Hours; 3 - Days. | O
db_$N$AutoExpireTime | The Auto Expire time (According to Policy). | O
db_$D$AcctStartDate | The start date to accept this group. | O
db_$D$AcctExpireDate | The end date to accept this group. | O
db_$N$BlackList | The Black List Id. | O
db_$N$WhiteList | The White List Id. | O
db_AfterAddUserCommand | An operation to do when adding a user to this group. | O
db_OnUpdateCommand | An operation to do when updating a user from this group. | O
db_AfterDelUserCommand | An operation to do when deleting a user from this group. | O
db_OnPasswordChangeCommand | An operation to do when changing a password of a user in this group. | O
db_OnDeActiveCommand | An operation to do when deactivating a user in this group. | O
db_OnReActiveCommand | An operation to do when reactivating a user in this group. | O
Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="{GroupName }" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="updated" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Modify user service
Modify the service of the Group “Series1” to Rlogin (number 7 according to NasCfgDbs). The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Modify=1
GroupName=Series1
db_$N$Service=7

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="group" name="Series1" />
</Result>
Delete a group
Description Delete a group from the Aradial database.
Http Method Get or POST.
Parameters

Name | Description | Type
Page | Selects the Update Group operation. Must be “GroupEdit”. | M
ConfirmDelete | Indicates that this is a delete operation. Must have a value of “1”. | M
GroupName | The group name to delete. | M
NASIndex | The NASIndex, if SubGroup. | O

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="group" name="{GroupName}" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="deleted" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Delete the group “Series1”. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupEdit
ConfirmDelete=1
GroupName=Series1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="group" name="Series1" />
</Result>
Get Group List
Description Fetch all the groups or all subgroups of a group
Http Method Get.
Parameters

Name | Description | Type
Page | Selects the get group list operation. Must be “GroupHit”. | M
MainGroup | The main group, when fetching a sub group. | O

Return Result

Success Result
Following is the format of a success result:

<Groups>
  <TR>
    <TD fieldName="GroupName">{Group1-Id}</TD>
    <TD fieldName=" Service">{Group1-Service}</TD>
    <TD fieldName=" IPPool">{Group1- IPPoold}</TD>
    .
    .
  </TR>
  .
  .
  <TR>
    <TD fieldName="GroupName">{GroupN-Id}</TD>
    <TD fieldName=" Service">{GroupN-Service}</TD>
    <TD fieldName=" IPPool">{GroupN- IPPoold}</TD>
    .
    .
  </TR>
</Groups>

The result contains a set of <TR>…</TR> elements, one for each user in the result set. Each such element contains all the fields of the Group table.

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Fetch All main groups
Fetch all Groups. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupHit

The expected return result is:

<Groups>
  <TR>
    <TD fieldName="GroupName">Wifi 1</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool1</TD>
    .
    .
  </TR>
  .
  .
  <TR>
    <TD fieldName="GroupName">Analog</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool2</TD>
    .
    .
  </TR>
</Groups>

Example – Fetch a sub group
Fetch all SubGroups of the group "Analog". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupHit
MainGroup=Analog

The expected return result is:

<Groups>
  <TR>
    <TD fieldName="GroupName"> Analog </TD>
    <TD fieldName=" NASIndex">1</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Poo3</TD>
    .
    .
  </TR>
  .
  .
  <TR>
    <TD fieldName="GroupName">Analog</TD>
    <TD fieldName=" NASIndex">2</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool4</TD>
    .
    .
  </TR>
</Groups>
Get a Single Group
Description Fetch a single group based on the GroupName or GroupName and NASIndex
Http Method Get.
Parameters

Name | Description | Type
Page | Selects the get user details operation. Must be “UserEdit”. | M
GroupName | The group name to fetch. | M
NASIndex | The NAS Index, if Sub Group. | O

Return Result

Success Result
Following is the format of a success result:

<Group>
  <TD fieldName="GroupName"> {Name} </TD>
  <TD fieldName=" Service">{Service}</TD>
  <TD fieldName=" IPPool">{Pools}</TD>
  .
  .
</Group>

The result contains a set of <TD>…</TD> elements, one for each column of the group.

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Fetch the Group “Wifi”. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupEdit
GroupName=Wifi

The expected return result is:

<Group>
  <TD fieldName="GroupName"> Wifi </TD>
  <TD fieldName=" Service">1</TD>
  <TD fieldName=" IPPool">Pool1</TD>
  .
  .
</Group>
5. Dynamic Authorization APIs
Passive Disconnect a Session
Description Performs a passive disconnect of a specific session. See "Get User Online Sessions" to fetch the correct session.
Http Method Get or Post.
Parameters

Name | Description | Type
Page | Selects the "Session Delete" operation. Must be “SessionDelete”. | M
NasId | The NAS ID (from the fetch). | M
NasPort | The NAS Port (from the fetch). | M
AcctSessId | The Accounting session ID (from the fetch). | M

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="DeleteSession" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example
Delete the Session with NASId=127.0.0.1, NasPort=200 and Account session ID=Sess00001. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=SessionDelete
NasId=127.0.0.1
NasPort=20
AcctSessId=Sess00001

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="DeleteSession" />
</Result>
Radius Forwarder
Description A generic method to send a Radius request on the Radius server.
Http Method Get or Post.
Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. | M
Rad_SuccessCode | The response code to consider as success. | M
RadAttr_{Attribute Name} | A radius attribute to populate in the request. Where: Attribute Name – The Radius Attribute name. | O

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>
Disconnect Session
Description Disconnects a single session. This is done using a PoD request from the server to the NAS.
Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. Must be "40" for this case. | M
Rad_SuccessCode | The response code to consider as success. Must be "41" for this case. | M
RadAttr_User-Name | The UserName to disconnect. | M
RadAttr_Client-Id | The Client Identifier. | M
RadAttr_NAS-Port-Id | The NAS port ID. | O
RadAttr_Acct-Session-Id | The Accounting Session ID. | M

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Send PoD request to a single user session
Send a PoD request for the session "Session001", Port "200", Client Identifier "127.0.0.1" and user "Joe". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadForward
Rad_ReqCode=40
Rad_SuccessCode=41
RadAttr_User-Name=joe
RadAttr_Client-Id=127.0.0.1
RadAttr_NAS-Port-Id=200
RadAttr_Acct-Session-Id=Session001

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type=" RadForward " />
</Result>
Change of Authorization
Description Sends a Change of Authorization (CoA) message to the NAS to change the authorization parameters of a specific session. This is done using a CoA request from the RADIUS server to the user session.
Http Method Get or Post.
Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. Must be "43" for this case. | M
Rad_SuccessCode | The response code to consider as success. Must be "44" for this case. | M
RadAttr_User-Name | The UserName associated with the session. | M
RadAttr_Client-Id | The Client Identifier. | M
RadAttr_Acct-Session-Id | The Accounting Session ID. | M
CoA-Service | The name of the CoA service to use for the CoA message. This service is defined in NasCfgDbs as a System Service. | M
RadAttr_NAS-Port-Id | The NAS port ID. | O

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Send CoA request for system service “CoA-Session-Timeout”
Send a CoA request to the session "Session001", Port "200", Client Identifier "127.0.0.1" and user "Joe" using the “CoA-Session-Timeout” system service. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadForward
Rad_ReqCode=43
Rad_SuccessCode=44
RadAttr_User-Name=joe
RadAttr_Client-Id=127.0.0.1
RadAttr_NAS-Port-Id=200
RadAttr_Acct-Session-Id=Session001
CoA-Service=CoA-Session-Timeout

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type=" RadForward " />
</Result>
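A client-side guard for the Disconnect Session and Change of Authorization requests above, as an added example (not Aradial's code): because the Radius Forwarder page accepts any request code and attribute, the wrapper admits only the two documented code pairs and the parameters their tables list, then checks the <Result> reply. The names PROFILES, build_radforward and check_result are hypothetical.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

_COMMON = {"RadAttr_User-Name", "RadAttr_Client-Id", "RadAttr_Acct-Session-Id"}
# (request code, success code), mandatory and optional parameters, as listed
# in the Disconnect Session and Change of Authorization tables.
PROFILES = {
    "disconnect": {"codes": ("40", "41"), "mandatory": _COMMON,
                   "optional": {"RadAttr_NAS-Port-Id"}},
    "coa": {"codes": ("43", "44"), "mandatory": _COMMON | {"CoA-Service"},
            "optional": {"RadAttr_NAS-Port-Id"}},
}


def build_radforward(kind, params):
    """Return the encoded parameter string for one documented request."""
    if kind not in PROFILES:
        raise ValueError("unsupported request kind: " + repr(kind))
    profile = PROFILES[kind]
    names = set(params)
    missing = profile["mandatory"] - names
    extra = names - profile["mandatory"] - profile["optional"]
    if missing:
        raise ValueError("missing mandatory: " + ", ".join(sorted(missing)))
    if extra:
        raise ValueError("not in the table: " + ", ".join(sorted(extra)))
    for name, value in params.items():
        if not value or any(ord(ch) < 0x20 for ch in value):
            raise ValueError("empty or control characters in " + name)
    req_code, ok_code = profile["codes"]
    pairs = [("Page", "RadForward"), ("Rad_ReqCode", req_code),
             ("Rad_SuccessCode", ok_code)] + sorted(params.items())
    return urlencode(pairs)  # usable as a query string or a POST body


def check_result(xml_text, operation="RadForward"):
    """Return (ok, reason) for a <Result> reply."""
    root = ET.fromstring(xml_text)
    status = root.find("Status")
    if root.tag != "Result" or status is None:
        raise ValueError("not a <Result> document")
    if status.get("value") != "Success":
        reason = root.find("Reason")
        return False, reason.get("value", "") if reason is not None else ""
    op = root.find("Operation")
    # The page's examples show type=" RadForward " with padding; strip it.
    op_type = op.get("type", "").strip() if op is not None else ""
    return op_type == operation, ""


# Success reply as printed in the page's example; the failure is constructed.
REPLY_OK = ('<Result> <Status value="Success" /> '
            '<Operation type=" RadForward " /> </Result>')
REPLY_FAIL = ('<Result> <Status value="Error" /> <Operation type="" /> '
              '<Reason value="constructed reason" /> </Result>')

if __name__ == "__main__":
    print(build_radforward("disconnect", {
        "RadAttr_User-Name": "joe", "RadAttr_Client-Id": "127.0.0.1",
        "RadAttr_NAS-Port-Id": "200", "RadAttr_Acct-Session-Id": "Session001"}))
    print(check_result(REPLY_OK), check_result(REPLY_FAIL))
```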
RADIUS User Request
Description A generic method to send a RADIUS request to all of the sessions of a given user.
This method loops over the user sessions and for each one, sends a RADIUS request that contains the “User-Name”, “Client-Id”, “NAS-Port-Id”, “Acct-Session-Id” RADIUS attributes and a set of custom attributes according to the HTTP parameters with the “RadAttr_” prefix.
Http Method Get or Post.
Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. | M
UserId | The UserId. | M
RadAttr_{Attribute Name} | A RADIUS attribute to populate in the request in addition to “User-Name”, “Client-Id”, “NAS-Port-Id” and “Acct-Session-Id”. Where: Attribute Name – The RADIUS Attribute name. | O

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>
Disconnect User
Description Disconnects all of a user's sessions using RADIUS User Request. This is done using PoD from the server to all of the user's sessions.
Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "RADIUS User Request" operation. Must be “RadUserRequest”. | M
Rad_ReqCode | The RADIUS request code. Must be "40" for this case. | M
UserId | The User Name to disconnect. | M

Return Result

Success Result
Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>

Failure Result
Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Send PoD request to all user sessions
Send a PoD request to all sessions of the user "Joe". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadUserRequest
Rad_ReqCode=40
UserId=joe

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>