OpenWiFi Security (OWSEC)

The OpenWiFi Security Service (a.k.a. OWSEC) is the Authentication and Resource Policy Access service for the TIP OpenWiFi Cloud SDK (OWSDK). In order to use the Cloud SDK you must have at least 1 OWSEC. OWSEC is the first point of contact for the entire architecture. We strongly recommend using Docker to deploy all the OWSDK. If you would like to develop and play with the source, please do.

OpenAPI

Like all other OWSDK services, OWSEC is defined through an OpenAPI. You can use this API to build your own applications or integration modules into your own systems. If all you need is to access the OWGW, for example (the service that manages the APs), you will need to:

  • get a token (/oauth2)
  • find the endpoints on the system (/systemEndpoints)
  • choose a microservice to manage (pick an endpoint that matches what you are trying to do by looking at its type. For the Cloud SDK Controller, type = owgw)
  • make your calls (use the PublicEndPoint of the corresponding entry to make your calls, do not forget to add /api/v1 as the root of the call)

The CLI for the OWGW has a very good example of this. Look for the setgateway function.

A static page with OpenAPI docs generated from the definition is available on GitHub Pages.

You may also use Swagger UI with the raw link to the OpenAPI definition file (i.e. the latest version of the file) to get an interactive docs page.

Firewall Considerations

The entire uCentral system uses several microservices. In order for the whole system to work, you should provide the following port access:

  • Security

    • Properties file: owsec.properties
    • Ports
      • Public: 16001
      • Private: 17001
      • ALB: 16101
  • Gateway:

    • Properties file: owgw.properties
    • Ports
      • Public: 16002
      • Private: 17002
      • ALB: 16102
  • Firmware:

    • Properties file: owfms.properties
    • Ports
      • Public: 16004
      • Private: 17004
      • ALB: 16104
  • Provisioning:

    • Properties file: owprov.properties
    • Ports
      • Public: 16004
      • Private: 17004
      • ALB: 16104

OWSEC Service Configuration

The configuration is kept in a file called owsec.properties. To understand the content of this file, please look here

Default username and password

The default username and password are set in the owsec.properties file. The following entries manage the username and password:

authentication.default.username = tip@ucentral.com
authentication.default.password = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The password is a long sequence of hexadecimal digits. It is the SHA-256 hash of the password followed immediately by the username. In order to create the password, please follow these simple instructions.

echo -n "<password><username>" | shasum -a 256

Here is a complete example for username "root@system.com" and the password being "weLoveWifi".

echo -n "weLoveWifiroot@system.com" | shasum -a 256
b5bfed31e2a272e52973a57b95042ab842db3999475f3d79f1ce0f45f465e34c  -

Then you need to modify your properties file like this:

authentication.default.username = root@system.com
authentication.default.password = b5bfed31e2a272e52973a57b95042ab842db3999475f3d79f1ce0f45f465e34c

Remember, when you login, use root@system.com with the password weLoveWifi, not this monster digit sequence.
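The hashing step above as a reusable shell function, added here as an example (it is not part of the OWSEC repository, and the function names are hypothetical). It reads the password from stdin instead of an `echo` argument, so the cleartext does not end up in shell history, and it prints the two properties entries ready to paste.

```shell
#!/usr/bin/env bash
# Added example: build the authentication.default.* entries for
# owsec.properties. Function names are hypothetical, not OWSEC's own.

# sha256_hex: hash stdin with whichever SHA-256 tool is installed and
# print only the hex digest (no trailing "  -").
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 | cut -d' ' -f1
  else
    echo "no SHA-256 tool found" >&2
    return 1
  fi
}

# owsec_password_hash USERNAME: read one line (the password) from stdin and
# print SHA-256("<password><username>"), the same order the README uses.
owsec_password_hash() {
  local username password
  username=$1
  # Accept input with or without a trailing newline.
  IFS= read -r password || [ -n "$password" ]
  if [ -z "$username" ] || [ -z "$password" ]; then
    echo "empty username or password" >&2
    return 1
  fi
  # printf '%s%s' adds no newline, matching `echo -n`.
  printf '%s%s' "$password" "$username" | sha256_hex
}

# owsec_default_entries USERNAME: print both properties lines.
owsec_default_entries() {
  local hash
  hash=$(owsec_password_hash "$1") || return 1
  printf 'authentication.default.username = %s\n' "$1"
  printf 'authentication.default.password = %s\n' "$hash"
}

# Interactive use in bash: prompt without echoing, then pipe the value in.
#   read -rs -p 'Password: ' pw; echo
#   printf '%s\n' "$pw" | owsec_default_entries root@system.com; unset pw
```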

Changing default password

On the first startup of the service, a new user will be created with the default credentials from the properties authentication.default.username and authentication.default.password, but you will have to change the password before making any real requests. You can do this using owgw-ui on first login or using the following script:

export OWSEC=openwifi.wlan.local:16001 # your OWSEC REST API endpoint
#export FLAGS="-k" # uncomment to pass extra curl flags with the request (for example, '-k' skips TLS certificate verification, which may be needed with self-signed certificates)
export OWSEC_DEFAULT_USERNAME='root@system.com' # default username that you've set in property 'authentication.default.username'
export OWSEC_DEFAULT_PASSWORD='weLoveWifi' # default password __in cleartext__, i.e. the one hashed into property 'authentication.default.password'
export OWSEC_NEW_PASSWORD='NewPass123%' # new password that must be set for the user (must comply with 'authentication.validation.expression')
test_scripts/curl/cli testlogin "$OWSEC_DEFAULT_USERNAME" "$OWSEC_DEFAULT_PASSWORD" "$OWSEC_NEW_PASSWORD"

The CLI is also included in the Docker image if you want to run it this way:

export OWSEC=openwifi.wlan.local:16001
#export FLAGS="-k"
export OWSEC_DEFAULT_USERNAME=root@system.com
export OWSEC_DEFAULT_PASSWORD=weLoveWifi
export OWSEC_NEW_PASSWORD=NewPass123%
docker run --rm -ti \
  --network=host \
  --env OWSEC \
  --env FLAGS \
  --env OWSEC_DEFAULT_USERNAME \
  --env OWSEC_DEFAULT_PASSWORD \
  --env OWSEC_NEW_PASSWORD \
  tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:main \
  /cli testlogin "$OWSEC_DEFAULT_USERNAME" "$OWSEC_DEFAULT_PASSWORD" "$OWSEC_NEW_PASSWORD"

Firewall Considerations

Port  | Description                                   | Configurable
16001 | Default port for REST API Access to the OWSEC | yes

It is very important that you not use spaces in your OrgName.

Kafka topics

To read more about Kafka, follow the document

Contributions

We need more contributors. Should you wish to contribute, please follow the contributions document.

Pull Requests

Please create a branch with the Jira addressing the issue you are fixing or the feature you are implementing. Create a pull-request from the branch into master.

Additional OWSDK Microservices

Here is a list of additional OWSDK microservices

Name        | Description                 | Link | OpenAPI
OWSEC       | Security Service            | here | here
OWGW        | Controller Service          | here | here
OWFMS       | Firmware Management Service | here | here
OWPROV      | Provisioning Service        | here | here
OWANALYTICS | Analytics Service           | here | here