58
AP-2500 Authentication Methods

External Authentication

The External Web Server (EWS) interface was designed for customers who want to develop and use their own
content. It allows for more customization than if using the Internal Web Server (IWS). By using an EWS (External Web
Server) you can authenticate subscribers externally; the EWS is responsible for interacting with accounting or
authorizing services. You can use this authentication method if you have an existing authentication and billing system
place and you want to integrate the AP into that solution.
The AP uses XML (eXtensible Markup Language) to communicate with an External Web Server and obtain information
about current users. XML is a newer, more elegant way to use custom web content. XML is an open standard that is
tied closely into the HTML standard. XML is maintained by the World Wide Web Consortium (W3C). See
http://www.w3.org/ for more information on W3C and XML. Also, see RFC 3470 at http://www.rfc-editor.org/.
The AP can accept commands that follow the XML specification detailed in XML Interface Specification. The XML
interface allows the AP to accept and process these XML commands received from an external source. XML
commands are sent from the external source (External Web Server) in the form of an encoded query string. The AP
parses the query string, executes the commands specified by the string, and returns data to the system that initiated
the command request.

Authentication Procedure

The following diagram illustrates how a client is authenticated when the process is handled by an EWS.
Figure 3-4 External Authentication
1. Client connects to AP and launches Web browser. The AP adds the client to its Current Subscribers Table with
State set to “Pending”.
2. AP redirects client to the External Login Page URL located on the EWS (the EWS can be located on the AP’s
local network or on the Internet).
The AP redirects the customer when it receives an HTTP request from the customer’s browser.
If the browser’s default home page is loaded in the browser’s cache, the customer may not be redirected to
the external login page. But the customer will be redirected the first time he tries to access a new Web site.