mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 04:02:15 +02:00
Document webauth fallback when REST API for profile download is used
This add a way to signal that webauth needs to be used when a client erroursnly uses REST to try to download a profile. Signed-off-by: Arne Schwabe <arne@openvpn.net>
This commit is contained in:
parent
481a4319e2
commit
56dcd976b1
@ -177,6 +177,7 @@ The flags are also comma separated values. Currently, the followings flag that a
|
||||
* hidden-webview Starts the webview in hidden mode. See the web auth section for more details
|
||||
* external Indicates that an internal webivew should NOT be used but instead a normal
|
||||
browser is to be used.
|
||||
* internal Indicates that the internal webview should be used if possible
|
||||
|
||||
In general websites should also report ovpn-webauth without `embedded=true` parameter to allow
|
||||
clients without internal browser support to craft a url to open in an external browser that
|
||||
@ -329,6 +330,24 @@ User is not enrolled through the WEB client yet:
|
||||
<Message>You must enroll this user in Authenticator first before you are allowed to retrieve a connection profile. (9008)</Message>
|
||||
</Error>
|
||||
|
||||
Webauth fallback
|
||||
----------------
|
||||
This is used when the server is configured to use username/password as general
|
||||
authentication method but some users are setup to used the web based
|
||||
authentication method. Should a user that requires web based try to authenticate
|
||||
instead it will report an error:
|
||||
|
||||
<Error>
|
||||
<Type>Authorization Required</Type>
|
||||
<Synopsis>REST method failed</Synopsis>
|
||||
<Message>Ovpn-WebAuth: providername,flags</Message>
|
||||
</Error>
|
||||
|
||||
The format and meaning of the Ovpn-WebAuth is identical to the one used in the
|
||||
detection of web based profile download. If the client encounters this error it
|
||||
should offer the user to continue to the import using the web based profile
|
||||
download method.
|
||||
|
||||
Challenge/response authentication
|
||||
---------------------------------
|
||||
The challenge/response protocol for the Rest web api mirrors the approach
|
||||
|
Loading…
Reference in New Issue
Block a user