Дерево страниц
Перейти к концу метаданных
Переход к началу метаданных

Вы просматриваете старую версию данной страницы. Смотрите текущую версию.

Сравнить с текущим просмотр истории страницы

Версия 1 Текущий »

Service description

A microservice intended for session deauthentication and user MAC address removing. Eltex-disconnect interacts with the PCRF service to directly send a user session removing command and with the Doors authentication service to validate incoming JWT tokens.

Available API methods: disconnect

  • Eltex-disconnect will provide the following response in success:
    "success" : true
  • If an error occurs, a response will be as follows:
    "success" : false, 
    "fail" : "description of the error occured" 

Description of work

Disconnect waits for a GET request on port 9096 http://\{\{Ip_address\}\}:9096/disconnect?token=\{\{token\}
Request example:

After receiving a GET request, eltex-disconnect sends an obtained token to eltex-doors in order to check if data has been really sent from an authorized source. Eltex-doors checks a token and gives a response depending upon whether it is valid or not.

The next step is decoding of a token from which payload (metadata) on a session of a user to be deauthenticated is extracted.

Decoded token example:

  "sub": "user",
  "auth": [
  "iat": 1559279580,
  "exp": 1559351580,
  "nasIp": "",
  "sessionId": "5692549928996307964",
  "vrf": "1",
  "clientMac": "FC-45-96-5F-50-AC"

Description of the payload token fields

sub - a user
iat - token creation time
exp - token lifetime
nasIp - device's nas 
sessionId - unique user session
vrf - Virtual Routing and Forwarding
clientMac - client's MAC address

A disconnect GET request including all necessary parameters is sent to API PCRF: VRF, Mac, sessionId, nasIp

Request example:


PCRF performs appropriate actions: deauthentication and MACC address removing.


The service's configuration file is located at /etc/eltex-disconnect-service/application.conf

pcrf {
  host = localhost			PCRF service address
  port = 7070				the port listened by PCRF
  timeout = 100				response timeout

doors {
  host = localhost			address of Doors service
  port = 9097				port listened by Doors
  path = /api				path to request Doors
  timeout = 200				response timeout
  connectionTotal = 100		maximum number of connections to Doors

The logging configuration file /etc/eltex-disconnect-service/log4j2.xml

The configuration file for service initialization /etc/default/eltex-disconnect-service

PORT=9096						The port listened by the service 

# Initial size of Java heap
JAVA_INIT_HEAP=4m               RAM size allocated during initialization
# Maximum size of Java heap
JAVA_MAX_HEAP=32m				RAM size allocated during operation 

# Additional arguments to pass to java
JAVA_OPTS="-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/eltex-disconnect-service
  • Нет меток