Monday, 2 March 2015

Jradius Client : Invalid or unexpected EAP payload received



I am trying to integrate with the jradius client to communicate with a Cisco ISE server for EAP-TLS authentication. I ran a sample test and below is the issue I am seeing in the ISE logs: "TLS packet parsing failed: total accumulated size plus this last fragment size is greater than expected total TLS message size". But I am just setting the path for the certificate and the RADIUS server details with username/pwd only. Any feedback on what exactly I should look at in my client code to resolve this?


Below is the code snippet if you are interested in checking it:



    String authMode = "eap-tls";
    RadiusAuthenticator authenticator = RadiusClient.getAuthProtocol(authMode);

    if (authenticator instanceof EAPTLSAuthenticator) {
        EAPTLSAuthenticator eapTlsAuth = (EAPTLSAuthenticator) authenticator;
        // client cert
        eapTlsAuth.setKeyFileType("jks");
        eapTlsAuth.setKeyFile("/opt/keystore");
        eapTlsAuth.setKeyPassword("changeit");
        // ca cert
        eapTlsAuth.setCaFileType("jks");
        eapTlsAuth.setCaFile("/opt/truststore");
        eapTlsAuth.setCaPassword("changeit");
        //eapTlsAuth.setTrustAll(true);
    }

    RadiusClient radClient = null;
    try {
        InetAddress host = InetAddress.getByName("10.197.71.98");
        radClient = new RadiusClient(host, "roZes123", 1812, 1813, 10);
    }
    catch (Exception se) {
    }

    AttributeList attrs = new AttributeList();
    attrs.add(new Attr_UserName("vasanth"));

    AccessRequest accessRequest = new AccessRequest(radClient, attrs);
    accessRequest.addAttribute(new Attr_UserPassword("roZes123"));
    RadiusPacket reply = null;
    try {
        if (authenticator instanceof EAPAuthenticator) {
            reply = radClient.authenticate(accessRequest, authenticator, 5);
        }
        else {
            authenticator.setupRequest(radClient, accessRequest);
            authenticator.processRequest(accessRequest);
            InetAddress host = null;
            try {
                host = InetAddress.getByName("10.197.71.98");
            } catch (UnknownHostException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            //reply = radClient.sendReceive(accessRequest, host, 1812, 5);
            radClient.setAuthPort(1812);
            radClient.setRemoteInetAddress(host);
            reply = radClient.sendReceive(accessRequest, 5);
        }
    }
    catch (RadiusException e) {
    }

    if (reply == null) {
        System.out.println("reply is null");
        return;
    }
    String replyMessage = (String) reply.getAttributeValue(Attr_ReplyMessage.TYPE);
    System.out.println("reply: " + replyMessage);
    if (reply instanceof AccessReject) {
    }
    else if (reply instanceof AccessAccept) {
    }
    else if (reply instanceof AccessChallenge) {
    }
}
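
Added example, not part of the original post and not jradius or Cisco ISE code: a standalone sketch of the EAP-TLS fragment reassembly rule from RFC 5216 (flags octet with L and M bits, optional 4-octet TLS Message Length), which is the length check the quoted ISE message describes. The class name `EapTlsReassembler`, its helper `fragment`, and the sample fragments are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
// Hypothetical receiver-side reassembler for EAP-TLS fragments (RFC 5216).
public class EapTlsReassembler {
    static final int FLAG_L = 0x80, FLAG_M = 0x40; // Length included, More fragments
    private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
    private long expected = -1; // declared TLS Message Length, -1 = not declared
    /** Takes EAP-TLS type-data (flags octet onward); returns the whole TLS message, or null if more fragments follow. */
    public byte[] feed(byte[] typeData) {
        ByteBuffer b = ByteBuffer.wrap(typeData); // big-endian, i.e. network order
        int flags = b.get() & 0xff;
        if ((flags & FLAG_L) != 0) {
            long len = b.getInt() & 0xffffffffL; // total size before fragmentation
            if (expected >= 0 && len != expected)
                throw new IllegalStateException("TLS Message Length changed mid-message");
            expected = len;
        }
        int frag = b.remaining();
        if (expected >= 0 && buf.size() + frag > expected)
            throw new IllegalStateException("accumulated " + buf.size() + " + fragment " + frag
                    + " exceeds expected total " + expected);
        buf.write(typeData, b.position(), frag);
        if ((flags & FLAG_M) != 0) return null; // receiver acknowledges and waits for the next fragment
        if (expected >= 0 && buf.size() != expected)
            throw new IllegalStateException("short message: " + buf.size() + " of " + expected);
        byte[] msg = buf.toByteArray();
        buf.reset();
        expected = -1;
        return msg;
    }

    /** Builds a constructed fragment: flags, optional 4-octet total length, then data. */
    static byte[] fragment(int flags, int totalLen, byte[] data) {
        boolean hasLen = (flags & FLAG_L) != 0;
        ByteBuffer b = ByteBuffer.allocate(1 + (hasLen ? 4 : 0) + data.length);
        b.put((byte) flags);
        if (hasLen) b.putInt(totalLen);
        return b.put(data).array();
    }

    public static void main(String[] args) {
        EapTlsReassembler ok = new EapTlsReassembler(); // declares 10, sends 6 + 4
        ok.feed(fragment(FLAG_L | FLAG_M, 10, new byte[6]));
        System.out.println("well-formed: " + ok.feed(fragment(0, 0, new byte[4])).length + " bytes");
        EapTlsReassembler bad = new EapTlsReassembler(); // declares 10, sends 6 + 8
        bad.feed(fragment(FLAG_L | FLAG_M, 10, new byte[6]));
        try { bad.feed(fragment(0, 0, new byte[8])); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Comparing the declared TLS Message Length and the per-fragment sizes in a packet capture of the client's Access-Request packets against this rule shows which fragment pushes the total past the declared length.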



