1、The client does his initial request, as if he was already connected, (e.g.: http://www.google.ca)
2、The Gateway’s firewall rules mangle the request to redirect it to a local port on the Gateway. When that’s the done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other informations
3、The Client does his request to the Auth Server as specified by the Gateway, see Login Protocol
4、The Gateway replies with a (potentially custom) splash (login) page
5、The Client provides his identification informations (username and password)
6、Upon succesful authentication, the client gets an HTTP Redirect to the Gateway’s own web server with his authentication proof (a one-time token), http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]
7、The Client then connects to the Gateway and thus gives it his token
8、The Gateway requests validation of the token from the Auth Server, see Client Protocol
9、The Auth Server confirms the token
10、The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to http://auth_server/portal/
12、The Auth Server notifies the Client that his request was successful


将未认证的请求重定向到Auth Server的登录界面:login页面

客户端登陆成功后,Auth Server将客户端重定向到Gateway,形式如下:http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]

Gateway将拿到的token传给Auth Server,验证客户端,如果客户端被允许,将客户端重定向到Auth Server的portal界面Firewall.c中包含了对iptables相关的操作

本文章由 http://www.wifidog.pro/2015/02/13/wifidog%E8%AE%A4%E8%AF%81%E6%B5%81%E7%A8%8B.html 整理编辑,转载请注明出处

标签: wifidog认证 wifidog安装 wifidog原理 wifidog分析 wifidog配置 wifidog流程 wifidog服务器 wifidog-ddwrt wifidog openwrt