GithubHelp home page GithubHelp logo

emileswarts / govwifi-frontend Goto Github PK

View Code? Open in Web Editor NEW

This project forked from alphagov/govwifi-frontend

0.0 1.0 0.0 87 KB

Freeradius server configuration for GovWifi

Dockerfile 9.23% Ruby 43.51% HTML 5.26% Makefile 13.76% Shell 28.25%

govwifi-frontend's Introduction

GovWifi Frontend

Purpose

This is the FreeRADIUS configuration for the GovWiFi project.

How to install and use

Currently it is not possible to run this service from inside this repository alone.

We instead recommend using the acceptance-tests repo to set up a development environment for making changes to FreeRADIUS or the healthcheck service.

Makefile targets are:

  • make test - Currently a no-op. Tests are located in the acceptance-tests repo
  • make lint - Runs linting on the healtcheck service, provided by govuk-lint

How it pieces together

This project has 2 main components; the RADIUS server, and the healthcheck service.

This RADIUS server is restarted daily by a separate app, the Safe Restarter.

Healthcheck

The healthcheck service acts as an adapter to a monitoring service (Route53 Healthchecks). When hit with a HTTP call, it will send a request to the radius server to ensure it can still authorise users. To accomplish this, eapol_test is used to simulate authentication using PEAP-MSCHAPv2.

All code is located under the healthcheck directory.

Radius

FreeRadius is an implementation of the RADIUS protocol.

Our servers implement:

  • EAP-TLS (client certificate authentication)
  • PEAP-MSCHAPv2 (Protected EAP with username + password)

Files

There are currently 5 files fetched when the service is initialised.

  • clients.conf Allows access points to communicate with the radius servers. This is generated by the GovWifi Admin service.
  • ca.pem, server.pem, server.key, comodo.pem Used to set up TLS tunnels, and authenticate clients using EAP-TLS

They are currently stored in an encrypted S3 bucket, and only the RADIUS servers are authorised to access files within the bucket.

Files are fetched once a night when the servers are restarted for updates.

High Level Process

When someone attempts to use GovWifi:

  1. The username and password is sent to the radius server
  2. Radius recieves, and sends a request to the authentication backend to fetch the known password
  3. The user password is checked against the known password
  4. the login attempt is logged in the logging backend
  5. either the user is accepted, or rejected depending on whether their password accepted.

How to contribute

  1. Fork the project
  2. Create a feature or fix branch
  3. Run the linter: make lint
  4. Run the acceptance tests
  5. Raise a pull request

govwifi-frontend's People

Contributors

antdking avatar dependabot-preview[bot] avatar dependabot-support avatar dependabot[bot] avatar emileswarts avatar kjdchapman avatar paroxp avatar rhowe-gds avatar rjbaker avatar robinmitra avatar sarahseewhy avatar steventux avatar tommotaylor avatar vixus0 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.