This page contains a Perl hook for the ServerRADSEC portion of your Radiator configuration to set the OpenRoaming Operator-Name from the WBA ID in the connecting peer certificate.
In OpenRoaming, the Operator-Name MUST either contain a value starting with 4, followed by the WBA ID that is provided by the Wireless Broadband Alliance, OR a value starting with 1, followed by the BASE64-encoded version of the WBA ID, ending with .wballiance.com.
Example:
Example WBA ID: CITYROAM:JP
Acceptable Operator-Name values:
4CITYROAM:JP
1Q0lUWVJPQU06SlA.wballiance.com
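The two Operator-Name forms described above, as an added Perl example that is not part of the original page: it builds both values from a WBA ID and recovers the WBA ID from either form. The helper names are hypothetical, and the pattern for the "1" form is the one used in the hook on this page.

```perl
#!/usr/bin/perl
# Added example, not from the original page; helper names are hypothetical.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Build both acceptable Operator-Name values for a WBA ID.
sub operator_names_for {
    my ($wba_id) = @_;
    my $b64 = encode_base64($wba_id, '');    # '' suppresses the trailing newline
    $b64 =~ s/=+\z//;                        # the page's example value has no '=' padding
    return ("4$wba_id", "1$b64.wballiance.com");
}

# Recover the WBA ID from an Operator-Name; undef if it is in neither form.
sub wba_id_from_operator_name {
    my ($oname) = @_;
    return undef unless defined($oname) && length($oname);
    # Form "1": same pattern as the hook on this page (letters and digits only).
    if ($oname =~ /^1([0-9A-Za-z]{2,})\.wballiance\.com\z/i) {
        my $b64 = $1;
        $b64 .= '=' x ((4 - length($b64) % 4) % 4);    # restore the stripped padding
        my $id = decode_base64($b64);
        return length($id) ? $id : undef;
    }
    # Form "4": the WBA ID follows the prefix directly.
    return $1 if $oname =~ /^4(.+)\z/;
    return undef;
}

# Constructed sample values; the first two are the examples given on this page.
my @samples = (
    '4CITYROAM:JP',
    '1Q0lUWVJPQU06SlA.wballiance.com',
    'CITYROAM:JP',                     # no prefix
    '1Q0lUWVJPQU06SlA.example.org',    # wrong suffix
    '',
);

my ($plain, $encoded) = operator_names_for('CITYROAM:JP');
print "CITYROAM:JP -> $plain and $encoded\n";

for my $oname (@samples) {
    my $id = wba_id_from_operator_name($oname);
    printf "%-36s -> %s\n", "'$oname'", defined $id ? "WBA ID $id" : 'rejected';
}
```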
Radiator PreHandlerHook
sub {
    my $p = ${$_[0]};

    # Pick up the peer certificate and pull the WBA ID out of its subject
    my $ssl = $p->{Client}->{ssl_streamtls};
    my $x509 = Net::SSLeay::get_peer_certificate($ssl);
    my $x509_name = Net::SSLeay::X509_get_subject_name($x509);
    my $name = Net::SSLeay::X509_NAME_oneline($x509_name);
    &main::log($main::LOG_INFO, "Connection from '$name'", $p);
    my $wbaId = Net::SSLeay::X509_NAME_get_text_by_NID($x509_name, &Net::SSLeay::NID_uniqueIdentifier);
    unless ((defined $wbaId) && ($wbaId ne '')) {
        # Fall back to a UID= component of the one-line subject, upper-cased
        my @uid = grep /^UID=/, split('/', $name);
        if (@uid) {
            $wbaId = $uid[0] =~ s/^UID=//r;
            $wbaId =~ tr/a-z/A-Z/;
        }
    }
    # get_peer_certificate returns a reference that the caller must release
    Net::SSLeay::X509_free($x509);

    # Re-set the Operator-Name
    my $oname = $p->get_attr('Operator-Name');
    &main::log($main::LOG_DEBUG, "PreHandlerHook: WBA_RADSEC: Operator-Name before change: '$oname'");
    if ((defined $oname) && ($oname ne '')) {
        # A value already present is kept only in the '1<base64>.wballiance.com' form
        unless ($oname =~ /^1[0-9A-Za-z]{2,}\.wballiance\.com$/i) {
            $oname = '4OPENROAMING';
        }
    } elsif ((defined $wbaId) and ($wbaId ne '')) {
        # No Operator-Name in the request: derive it from the certificate's WBA ID
        $oname = "4$wbaId";
    } else {
        $oname = '4OPENROAMING';
    }
    $p->change_attr('Operator-Name', $oname);
    &main::log($main::LOG_DEBUG, "PreHandlerHook: WBA_RADSEC: Operator-Name: '$oname'");
    return;
}