使用网页身份验证进行短信双重身份

添加ns变量<变量名> -type "map(text(65)，text(6)，100000)"-ifValueTooBig undef -ifNoValue undef -expires 5添加ns赋值<变量名> -variable "$test[AAA.USER. user .]SESSIONID]" -set ("000000" + SYS.RANDOM.MUL(1000000).TYPECAST_UNSIGNED_LONG_AT.TYPECAST_TEXT_T).SUFFIX(6) 

添加ns变量测试类型"map(text(65)，text(6)，100000)"-ifValueTooBig undef -ifNoValue undef -expires 5添加ns赋值test -variable "$test[AAA.USER. user . user]。SESSIONID]" -set ("000000" + SYS.RANDOM.MUL(1000000).TYPECAST_UNSIGNED_LONG_AT.TYPECAST_TEXT_T).SUFFIX(6) 

添加策略表达式<表达式名> ""method=sendMessage&send_to=&msg=OTP i " + $test[AAA.USER. user .]SESSIONID] + "用于登录安全接入网关。有效期至EXPIRE_TIME。&userid=#####&password=###=1.0"" add authentication webAuthAction webAuth_Get -serverIP  -serverPort  -fullReqExpr q{"GET /GatewayAPI/rest?"+ <表达式名称> + "HTTP/" + HTTP .req.version.major + "."+ http.req.version.minor.sub(1) +“\ r \ nAccept: \ * / \ \ r \ nHost: < FQDN > \ r \ n”}-successRule”http.res.status.eq(200)“-scheme -successRule true set authentication webAuthAction  <服务器IP地址> -serverPort 8080 -fullReqExpr q{"POST /MyPHP/auth.php HTTP/" + HTTP .req.version.major + "."+ http.req.version.major + "\r\nAccept:\*/\*\r\nHost: <服务器IP地址> \r\nContent-Length: 10\r\n\r\n" + }-scheme http -successRule true 

添加策略表达式otp_exp ""method=sendMessage&send_to=&msg=OTP i " + $test[AAA.USER. user]。SESSIONID] + "用于登录安全接入网关。有效期至EXPIRE_TIME。&userid=#####&password=###=1.0"" add authentication webAuthAction webAuth_Get -serverIP -serverIP 10.106.168.210 -serverPort 8080 -fullReqExpr q{"GET /GatewayAPI/rest?"+ otp_exp + "HTTP/" + HTTP .req.version.major + "."+ http.req.version.minor.sub(1) +“\ r \ nAccept: \ * / \ \ r \ nHost: < FQDN > \ r \ n”}-successRule”http.res.status.eq(200)“-scheme -successRule true set authentication webAuthAction webAuth_POST -serverIP 10.106.168.210 -serverPort 8080 -fullReqExpr q{"POST /MyPHP/auth.php HTTP/" + HTTP .req.version.major + "."+ http.req.version.major + "\r\nAccept:\*/\*\r\nHost: 10.106.168.210 \r\nContent-Length: 10\r\n\r\n" + otp_set} -scheme http -successRule true 

add authentication ldapAction ldap_action -serverIP 1.1.1.1 -serverPort 3268 -authTimeout 30 -ldapBase "dc=nsi-test,dc=com" -ldapBindDn Administrator@nsi-test.com -ldapBindDnPassword freebsd - ldapoginname samaccountname -groupAttrName memberOf -ssoNameAttribute samaccountname -Attribute1 mobile -email mail -CloudAttributes DISABLED add authentication Policy ldap_policy -rule true -action ldap_action 

add authentication policylabel set_otp -loginSchema LSCHEMA_INT add authentication Policy set_otp -rule true -action test add authentication Policy cascade_noauth -rule true -action NO_AUTHN add authentication Policy check_otp -rule "$test. valueexists (AAA.USER.SESSIONID)"-action NO_AUTHN bind authentication policylabel set_otp -policyName set_otp -priority 1 -gotoPriorityExpression NEXT bind authentication policylabel set_otp -policyName cascade_noauth -priority 2 -gotoPriorityExpression NEXT -nextFactor check_otp add authentication Policy check_otp -rule "$test.valueExists(AAA.USER.SESSIONID)"-action NO_AUTHN add authentication policylabel check_otp -loginSchema LSCHEMA_INT add authentication Policy wpp -rule true -action webAuth_POST add authentication Policy wpp_cascade_noauth -rule true -action NO_AUTHN bind authentication policylabel check_otp -policyName wpp -priority 1 -gotoPriorityExpression NEXT bind authentication policylabel check_otp -policyName wpp_cascade_noauth -priority 2 -gotoPriorityExpression NEXT -nextFactor otp_verify add authentication Policy otp_verify -rule“AAA.LOGIN.PASSWORD.EQ($测试[AAA.USER.SESSIONID])”-action NO_AUTHN add authentication policylabel otp_verify -loginSchema onlyypassword bind authentication policylabel otp_verify -policyName otp_verify -priority 1 -gotoPriorityExpression NEXT add authentication vserver avs SSL 10.106.40.121 443 bind authentication vserver avs -policy ldap_policy -priority 1 -nextFactor set_otp -gotoPriorityExpression NEXT