RADIUS Class

Properties   Methods   Events   Config Settings   Errors  

The RADIUS class provides an easy way to authenticate users.

Class Name

IPWorksAuth_RADIUS

Procedural Interface

 ipworksauth_radius_open();
 ipworksauth_radius_close($res);
 ipworksauth_radius_register_callback($res, $id, $function);
 ipworksauth_radius_get_last_error($res);
 ipworksauth_radius_get_last_error_code($res);
 ipworksauth_radius_set($res, $id, $index, $value);
 ipworksauth_radius_get($res, $id, $index);
 ipworksauth_radius_do_authenticate($res);
 ipworksauth_radius_do_config($res, $configurationstring);
 ipworksauth_radius_do_doevents($res);
 ipworksauth_radius_do_interrupt($res);
 ipworksauth_radius_do_reset($res);

Remarks

The RADIUS component implements support for Remote Authentication Dial In User Service (RADIUS). Communication can be performed over UDP or DTLS, which is controlled by the value of the SSLEnabled property.

Authentication

The class can be used to authenticate users with a RADIUS server. To begin set the following properties:

• RemoteHost
• RemotePort (optional)
• User
• Password
• SharedSecret

The AuthMechanism property may be set to specify the authentication mechanism used.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

AttrCount Property (IPWorksAuth_RADIUS Class)

The number of records in the Attr arrays.

Object Oriented Interface

public function getAttrCount();


public function setAttrCount($value);

Procedural Interface

ipworksauth_radius_get($res, 1 );


ipworksauth_radius_set($res, 1, $value );

Default Value

0

Remarks

This property controls the size of the following arrays:

• AttrName
• AttrType
• AttrValue

The array indices start at 0 and end at AttrCount - 1.

This property is not available at design time.

Data Type

Integer

AttrType Property (IPWorksAuth_RADIUS Class)

The type of the attribute.

Object Oriented Interface

public function getAttrType($attrindex);


public function setAttrType($attrindex, $value);

Procedural Interface

ipworksauth_radius_get($res, 2 , $attrindex);


ipworksauth_radius_set($res, 2, $value , $attrindex);

Default Value

0

Remarks

The type of the attribute.

This property identifies the type of the attribute. Common values are:

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

Integer

AttrName Property (IPWorksAuth_RADIUS Class)

A text description of the attribute type.

Object Oriented Interface

public function getAttrName($attrindex);

Procedural Interface

ipworksauth_radius_get($res, 3 , $attrindex);

Default Value

''

Remarks

A text description of the attribute type.

This property holds a text description of the AttributeType.

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is read-only and not available at design time.

Data Type

String

AttrValue Property (IPWorksAuth_RADIUS Class)

The attribute value.

Object Oriented Interface

public function getAttrValue($attrindex);


public function setAttrValue($attrindex, $value);

Procedural Interface

ipworksauth_radius_get($res, 4 , $attrindex);


ipworksauth_radius_set($res, 4, $value , $attrindex);

Default Value

''

Remarks

The attribute value.

The $attrindex parameter specifies the index of the item in the array. The size of the array is controlled by the AttrCount property.

This property is not available at design time.

Data Type

Binary String

AuthMechanism Property (IPWorksAuth_RADIUS Class)

The authentication mechanism to be used when connecting to the RADIUS server.

Object Oriented Interface

public function getAuthMechanism();


public function setAuthMechanism($value);

Procedural Interface

ipworksauth_radius_get($res, 5 );


ipworksauth_radius_set($res, 5, $value );

Default Value

0

Remarks

This property defines the authentication mechanism used when connecting to the RADIUS server. Possible values are:

Data Type

Integer

EAPAnonymousIdentity Property (IPWorksAuth_RADIUS Class)

The identity to use when using PEAP or EAP-TLS.

Object Oriented Interface

public function getEAPAnonymousIdentity();


public function setEAPAnonymousIdentity($value);

Procedural Interface

ipworksauth_radius_get($res, 6 );


ipworksauth_radius_set($res, 6, $value );

Default Value

'anonymous'

Remarks

This property specifies the initial identity to use when establishing a secure connection using PEAP. When AuthMechanism is set to amPEAPv0 or emEAPTLS the connection begins in plaintext. This property specifies the user name (if any) that is sent in the initial plaintext request. This allows the true identity of the user to be hidden.

If set, the value will be sent in the plaintext connection request. If not set (empty string) the User will be sent. Authentication servers may make use of a value that includes the domain to which the user will authenticate, such as anonymous@example.com. In that case the user's identity is still hidden, however the authentication server will have knowledge of the domain for the user which it may make use of.

Once a secure connection is established the user's true identity is sent to the authentication server over the TLS encrypted connection. This property specifies only the identity sent in the initial plaintext request.

The default value is anonymous.

This setting is only applicable when AuthMechanism is set to amPEAPv0 or amEAPTLS.

Data Type

String

LocalHost Property (IPWorksAuth_RADIUS Class)

This property includes the name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Object Oriented Interface

public function getLocalHost();


public function setLocalHost($value);

Procedural Interface

ipworksauth_radius_get($res, 7 );


ipworksauth_radius_set($res, 7, $value );

Default Value

''

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the class initiate connections (or accept in the case of server classs) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the class is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

Data Type

String

LocalPort Property (IPWorksAuth_RADIUS Class)

This property includes the User Datagram Protocol (UDP) port in the local host where UDP binds.

Object Oriented Interface

public function getLocalPort();


public function setLocalPort($value);

Procedural Interface

ipworksauth_radius_get($res, 8 );


ipworksauth_radius_set($res, 8, $value );

Default Value

0

Remarks

The LocalPort property must be set before UDP is activated (Active is set to True). This instructs the class to bind to a specific port (or communication endpoint) in the local machine.

Setting it to 0 (default) enables the Transmission Control Protocol (TCP)/IP stack to choose a port at random. The chosen port will be shown by the LocalPort property after the connection is established.

LocalPort cannot be changed once the class is Active. Any attempt to set the LocalPort property when the class is Active will generate an error.

The LocalPort property is useful when trying to connect to services that require a trusted port on the client side.

Data Type

Integer

Password Property (IPWorksAuth_RADIUS Class)

The user's password.

Object Oriented Interface

public function getPassword();


public function setPassword($value);

Procedural Interface

ipworksauth_radius_get($res, 9 );


ipworksauth_radius_set($res, 9, $value );

Default Value

''

Remarks

This property specifies the password for the User. This must be set before calling Authenticate.

Data Type

String

RemoteHost Property (IPWorksAuth_RADIUS Class)

This property includes the address of the remote host. Domain names are resolved to IP addresses.

Object Oriented Interface

public function getRemoteHost();


public function setRemoteHost($value);

Procedural Interface

ipworksauth_radius_get($res, 10 );


ipworksauth_radius_set($res, 10, $value );

Default Value

''

Remarks

The RemoteHost property specifies the IP address (IP number in dotted internet format) or domain name of the remote host.

If RemoteHost is set to 255.255.255.255, the class broadcasts data on the local subnet.

If the RemoteHost property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, the RemoteHost property is set to the corresponding address. If the search is not successful, an error is returned.

If UseConnection is set to True, the RemoteHost must be set before the class is activated (Active is set to True).

Data Type

String

RemotePort Property (IPWorksAuth_RADIUS Class)

The port for the RADIUS server (default is 1812).

Object Oriented Interface

public function getRemotePort();


public function setRemotePort($value);

Procedural Interface

ipworksauth_radius_get($res, 11 );


ipworksauth_radius_set($res, 11, $value );

Default Value

1812

Remarks

The RemotePort is the UDP port to which requests will be made. The default value is 1812. Port 1645 is also commonly used.

Data Type

Integer

SharedSecret Property (IPWorksAuth_RADIUS Class)

The RADIUS shared secret.

Object Oriented Interface

public function getSharedSecret();


public function setSharedSecret($value);

Procedural Interface

ipworksauth_radius_get($res, 12 );


ipworksauth_radius_set($res, 12, $value );

Default Value

''

Remarks

This property holds the shared secret to use when communicating with the RADIUS server.

Data Type

Binary String

SSLAcceptServerCertEffectiveDate Property (IPWorksAuth_RADIUS Class)

This is the date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLAcceptServerCertEffectiveDate();

Procedural Interface

ipworksauth_radius_get($res, 13 );

Default Value

''

Remarks

This is the date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExpirationDate Property (IPWorksAuth_RADIUS Class)

This is the date the certificate expires.

Object Oriented Interface

public function getSSLAcceptServerCertExpirationDate();

Procedural Interface

ipworksauth_radius_get($res, 14 );

Default Value

''

Remarks

This is the date the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (IPWorksAuth_RADIUS Class)

This is a comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLAcceptServerCertExtendedKeyUsage();

Procedural Interface

ipworksauth_radius_get($res, 15 );

Default Value

''

Remarks

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprint();

Procedural Interface

ipworksauth_radius_get($res, 16 );

Default Value

''

Remarks

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 17 );

Default Value

''

Remarks

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertFingerprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 18 );

Default Value

''

Remarks

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (IPWorksAuth_RADIUS Class)

This is the issuer of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertIssuer();

Procedural Interface

ipworksauth_radius_get($res, 19 );

Default Value

''

Remarks

This is the issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (IPWorksAuth_RADIUS Class)

This is the private key of the certificate (if available).

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKey();

Procedural Interface

ipworksauth_radius_get($res, 20 );

Default Value

''

Remarks

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (IPWorksAuth_RADIUS Class)

This property shows whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKeyAvailable();

Procedural Interface

ipworksauth_radius_get($res, 21 );

Default Value

false

Remarks

This property shows whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (IPWorksAuth_RADIUS Class)

This is the name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLAcceptServerCertPrivateKeyContainer();

Procedural Interface

ipworksauth_radius_get($res, 22 );

Default Value

''

Remarks

This is the name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (IPWorksAuth_RADIUS Class)

This is the public key of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertPublicKey();

Procedural Interface

ipworksauth_radius_get($res, 23 );

Default Value

''

Remarks

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (IPWorksAuth_RADIUS Class)

This property contains the textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLAcceptServerCertPublicKeyAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 24 );

Default Value

''

Remarks

This property contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (IPWorksAuth_RADIUS Class)

This is the length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLAcceptServerCertPublicKeyLength();

Procedural Interface

ipworksauth_radius_get($res, 25 );

Default Value

0

Remarks

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (IPWorksAuth_RADIUS Class)

This is the serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLAcceptServerCertSerialNumber();

Procedural Interface

ipworksauth_radius_get($res, 26 );

Default Value

''

Remarks

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (IPWorksAuth_RADIUS Class)

The property contains the text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLAcceptServerCertSignatureAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 27 );

Default Value

''

Remarks

The property contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (IPWorksAuth_RADIUS Class)

This is the name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLAcceptServerCertStore();


public function setSSLAcceptServerCertStore($value);

Procedural Interface

ipworksauth_radius_get($res, 28 );


ipworksauth_radius_set($res, 28, $value );

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Binary String

SSLAcceptServerCertStorePassword Property (IPWorksAuth_RADIUS Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLAcceptServerCertStorePassword();


public function setSSLAcceptServerCertStorePassword($value);

Procedural Interface

ipworksauth_radius_get($res, 29 );


ipworksauth_radius_set($res, 29, $value );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (IPWorksAuth_RADIUS Class)

This is the type of certificate store for this certificate.

Object Oriented Interface

public function getSSLAcceptServerCertStoreType();


public function setSSLAcceptServerCertStoreType($value);

Procedural Interface

ipworksauth_radius_get($res, 30 );


ipworksauth_radius_set($res, 30, $value );

Default Value

0

Remarks

This is the type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubjectAltNames Property (IPWorksAuth_RADIUS Class)

This property contains comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertSubjectAltNames();

Procedural Interface

ipworksauth_radius_get($res, 31 );

Default Value

''

Remarks

This property contains comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (IPWorksAuth_RADIUS Class)

This property contains the MD5 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintMD5();

Procedural Interface

ipworksauth_radius_get($res, 32 );

Default Value

''

Remarks

This property contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 33 );

Default Value

''

Remarks

This property contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertThumbprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 34 );

Default Value

''

Remarks

This property contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (IPWorksAuth_RADIUS Class)

This property contains the text description of UsageFlags .

Object Oriented Interface

public function getSSLAcceptServerCertUsage();

Procedural Interface

ipworksauth_radius_get($res, 35 );

Default Value

''

Remarks

This property contains the text description of SSLAcceptServerCertUsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (IPWorksAuth_RADIUS Class)

This property contains the flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLAcceptServerCertUsageFlags();

Procedural Interface

ipworksauth_radius_get($res, 36 );

Default Value

0

Remarks

This property contains the flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (IPWorksAuth_RADIUS Class)

This property contains the certificate's version number.

Object Oriented Interface

public function getSSLAcceptServerCertVersion();

Procedural Interface

ipworksauth_radius_get($res, 37 );

Default Value

''

Remarks

This property contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLAcceptServerCertSubject Property (IPWorksAuth_RADIUS Class)

This is the subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLAcceptServerCertSubject();


public function setSSLAcceptServerCertSubject($value);

Procedural Interface

ipworksauth_radius_get($res, 38 );


ipworksauth_radius_set($res, 38, $value );

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertEncoded Property (IPWorksAuth_RADIUS Class)

This is the certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLAcceptServerCertEncoded();


public function setSSLAcceptServerCertEncoded($value);

Procedural Interface

ipworksauth_radius_get($res, 39 );


ipworksauth_radius_set($res, 39, $value );

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

SSLCertEffectiveDate Property (IPWorksAuth_RADIUS Class)

This is the date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLCertEffectiveDate();

Procedural Interface

ipworksauth_radius_get($res, 40 );

Default Value

''

Remarks

This is the date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertExpirationDate Property (IPWorksAuth_RADIUS Class)

This is the date the certificate expires.

Object Oriented Interface

public function getSSLCertExpirationDate();

Procedural Interface

ipworksauth_radius_get($res, 41 );

Default Value

''

Remarks

This is the date the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (IPWorksAuth_RADIUS Class)

This is a comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLCertExtendedKeyUsage();

Procedural Interface

ipworksauth_radius_get($res, 42 );

Default Value

''

Remarks

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprint();

Procedural Interface

ipworksauth_radius_get($res, 43 );

Default Value

''

Remarks

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 44 );

Default Value

''

Remarks

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLCertFingerprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 45 );

Default Value

''

Remarks

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (IPWorksAuth_RADIUS Class)

This is the issuer of the certificate.

Object Oriented Interface

public function getSSLCertIssuer();

Procedural Interface

ipworksauth_radius_get($res, 46 );

Default Value

''

Remarks

This is the issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (IPWorksAuth_RADIUS Class)

This is the private key of the certificate (if available).

Object Oriented Interface

public function getSSLCertPrivateKey();

Procedural Interface

ipworksauth_radius_get($res, 47 );

Default Value

''

Remarks

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (IPWorksAuth_RADIUS Class)

This property shows whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLCertPrivateKeyAvailable();

Procedural Interface

ipworksauth_radius_get($res, 48 );

Default Value

false

Remarks

This property shows whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (IPWorksAuth_RADIUS Class)

This is the name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLCertPrivateKeyContainer();

Procedural Interface

ipworksauth_radius_get($res, 49 );

Default Value

''

Remarks

This is the name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (IPWorksAuth_RADIUS Class)

This is the public key of the certificate.

Object Oriented Interface

public function getSSLCertPublicKey();

Procedural Interface

ipworksauth_radius_get($res, 50 );

Default Value

''

Remarks

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (IPWorksAuth_RADIUS Class)

This property contains the textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLCertPublicKeyAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 51 );

Default Value

''

Remarks

This property contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (IPWorksAuth_RADIUS Class)

This is the length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLCertPublicKeyLength();

Procedural Interface

ipworksauth_radius_get($res, 52 );

Default Value

0

Remarks

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (IPWorksAuth_RADIUS Class)

This is the serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLCertSerialNumber();

Procedural Interface

ipworksauth_radius_get($res, 53 );

Default Value

''

Remarks

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (IPWorksAuth_RADIUS Class)

The property contains the text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLCertSignatureAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 54 );

Default Value

''

Remarks

The property contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (IPWorksAuth_RADIUS Class)

This is the name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLCertStore();


public function setSSLCertStore($value);

Procedural Interface

ipworksauth_radius_get($res, 55 );


ipworksauth_radius_set($res, 55, $value );

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Binary String

SSLCertStorePassword Property (IPWorksAuth_RADIUS Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLCertStorePassword();


public function setSSLCertStorePassword($value);

Procedural Interface

ipworksauth_radius_get($res, 56 );


ipworksauth_radius_set($res, 56, $value );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (IPWorksAuth_RADIUS Class)

This is the type of certificate store for this certificate.

Object Oriented Interface

public function getSSLCertStoreType();


public function setSSLCertStoreType($value);

Procedural Interface

ipworksauth_radius_get($res, 57 );


ipworksauth_radius_set($res, 57, $value );

Default Value

0

Remarks

This is the type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubjectAltNames Property (IPWorksAuth_RADIUS Class)

This property contains comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLCertSubjectAltNames();

Procedural Interface

ipworksauth_radius_get($res, 58 );

Default Value

''

Remarks

This property contains comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (IPWorksAuth_RADIUS Class)

This property contains the MD5 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintMD5();

Procedural Interface

ipworksauth_radius_get($res, 59 );

Default Value

''

Remarks

This property contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 60 );

Default Value

''

Remarks

This property contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLCertThumbprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 61 );

Default Value

''

Remarks

This property contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (IPWorksAuth_RADIUS Class)

This property contains the text description of UsageFlags .

Object Oriented Interface

public function getSSLCertUsage();

Procedural Interface

ipworksauth_radius_get($res, 62 );

Default Value

''

Remarks

This property contains the text description of SSLCertUsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (IPWorksAuth_RADIUS Class)

This property contains the flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLCertUsageFlags();

Procedural Interface

ipworksauth_radius_get($res, 63 );

Default Value

0

Remarks

This property contains the flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (IPWorksAuth_RADIUS Class)

This property contains the certificate's version number.

Object Oriented Interface

public function getSSLCertVersion();

Procedural Interface

ipworksauth_radius_get($res, 64 );

Default Value

''

Remarks

This property contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertSubject Property (IPWorksAuth_RADIUS Class)

This is the subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLCertSubject();


public function setSSLCertSubject($value);

Procedural Interface

ipworksauth_radius_get($res, 65 );


ipworksauth_radius_set($res, 65, $value );

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertEncoded Property (IPWorksAuth_RADIUS Class)

This is the certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLCertEncoded();


public function setSSLCertEncoded($value);

Procedural Interface

ipworksauth_radius_get($res, 66 );


ipworksauth_radius_set($res, 66, $value );

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Binary String

SSLEnabled Property (IPWorksAuth_RADIUS Class)

This property indicates whether Datagram Transport Layer Security (DTLS) is enabled.

Object Oriented Interface

public function getSSLEnabled();


public function setSSLEnabled($value);

Procedural Interface

ipworksauth_radius_get($res, 67 );


ipworksauth_radius_set($res, 67, $value );

Default Value

false

Remarks

This property specifies whether DTLS is enabled in the class. When false (default), the class operates in plaintext mode over UDP. When true, DTLS is enabled.

This property is not available at design time.

Data Type

Boolean

SSLServerCertEffectiveDate Property (IPWorksAuth_RADIUS Class)

This is the date on which this certificate becomes valid.

Object Oriented Interface

public function getSSLServerCertEffectiveDate();

Procedural Interface

ipworksauth_radius_get($res, 68 );

Default Value

''

Remarks

This is the date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExpirationDate Property (IPWorksAuth_RADIUS Class)

This is the date the certificate expires.

Object Oriented Interface

public function getSSLServerCertExpirationDate();

Procedural Interface

ipworksauth_radius_get($res, 69 );

Default Value

''

Remarks

This is the date the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExtendedKeyUsage Property (IPWorksAuth_RADIUS Class)

This is a comma-delimited list of extended key usage identifiers.

Object Oriented Interface

public function getSSLServerCertExtendedKeyUsage();

Procedural Interface

ipworksauth_radius_get($res, 70 );

Default Value

''

Remarks

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLServerCertFingerprint Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprint();

Procedural Interface

ipworksauth_radius_get($res, 71 );

Default Value

''

Remarks

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA1 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 72 );

Default Value

''

Remarks

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA256 Property (IPWorksAuth_RADIUS Class)

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Object Oriented Interface

public function getSSLServerCertFingerprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 73 );

Default Value

''

Remarks

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLServerCertIssuer Property (IPWorksAuth_RADIUS Class)

This is the issuer of the certificate.

Object Oriented Interface

public function getSSLServerCertIssuer();

Procedural Interface

ipworksauth_radius_get($res, 74 );

Default Value

''

Remarks

This is the issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLServerCertPrivateKey Property (IPWorksAuth_RADIUS Class)

This is the private key of the certificate (if available).

Object Oriented Interface

public function getSSLServerCertPrivateKey();

Procedural Interface

ipworksauth_radius_get($res, 75 );

Default Value

''

Remarks

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLServerCertPrivateKeyAvailable Property (IPWorksAuth_RADIUS Class)

This property shows whether a PrivateKey is available for the selected certificate.

Object Oriented Interface

public function getSSLServerCertPrivateKeyAvailable();

Procedural Interface

ipworksauth_radius_get($res, 76 );

Default Value

false

Remarks

This property shows whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLServerCertPrivateKeyContainer Property (IPWorksAuth_RADIUS Class)

This is the name of the PrivateKey container for the certificate (if available).

Object Oriented Interface

public function getSSLServerCertPrivateKeyContainer();

Procedural Interface

ipworksauth_radius_get($res, 77 );

Default Value

''

Remarks

This is the name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLServerCertPublicKey Property (IPWorksAuth_RADIUS Class)

This is the public key of the certificate.

Object Oriented Interface

public function getSSLServerCertPublicKey();

Procedural Interface

ipworksauth_radius_get($res, 78 );

Default Value

''

Remarks

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyAlgorithm Property (IPWorksAuth_RADIUS Class)

This property contains the textual description of the certificate's public key algorithm.

Object Oriented Interface

public function getSSLServerCertPublicKeyAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 79 );

Default Value

''

Remarks

This property contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyLength Property (IPWorksAuth_RADIUS Class)

This is the length of the certificate's public key (in bits).

Object Oriented Interface

public function getSSLServerCertPublicKeyLength();

Procedural Interface

ipworksauth_radius_get($res, 80 );

Default Value

0

Remarks

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLServerCertSerialNumber Property (IPWorksAuth_RADIUS Class)

This is the serial number of the certificate encoded as a string.

Object Oriented Interface

public function getSSLServerCertSerialNumber();

Procedural Interface

ipworksauth_radius_get($res, 81 );

Default Value

''

Remarks

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLServerCertSignatureAlgorithm Property (IPWorksAuth_RADIUS Class)

The property contains the text description of the certificate's signature algorithm.

Object Oriented Interface

public function getSSLServerCertSignatureAlgorithm();

Procedural Interface

ipworksauth_radius_get($res, 82 );

Default Value

''

Remarks

The property contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertStore Property (IPWorksAuth_RADIUS Class)

This is the name of the certificate store for the client certificate.

Object Oriented Interface

public function getSSLServerCertStore();

Procedural Interface

ipworksauth_radius_get($res, 83 );

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password protected, specify the password in SSLServerCertStorePassword.

SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

Data Type

Binary String

SSLServerCertStorePassword Property (IPWorksAuth_RADIUS Class)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Object Oriented Interface

public function getSSLServerCertStorePassword();

Procedural Interface

ipworksauth_radius_get($res, 84 );

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

Data Type

String

SSLServerCertStoreType Property (IPWorksAuth_RADIUS Class)

This is the type of certificate store for this certificate.

Object Oriented Interface

public function getSSLServerCertStoreType();

Procedural Interface

ipworksauth_radius_get($res, 85 );

Default Value

0

Remarks

This is the type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

This property is read-only.

Data Type

Integer

SSLServerCertSubjectAltNames Property (IPWorksAuth_RADIUS Class)

This property contains comma-separated lists of alternative subject names for the certificate.

Object Oriented Interface

public function getSSLServerCertSubjectAltNames();

Procedural Interface

ipworksauth_radius_get($res, 86 );

Default Value

''

Remarks

This property contains comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLServerCertThumbprintMD5 Property (IPWorksAuth_RADIUS Class)

This property contains the MD5 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintMD5();

Procedural Interface

ipworksauth_radius_get($res, 87 );

Default Value

''

Remarks

This property contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA1 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-1 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintSHA1();

Procedural Interface

ipworksauth_radius_get($res, 88 );

Default Value

''

Remarks

This property contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA256 Property (IPWorksAuth_RADIUS Class)

This property contains the SHA-256 hash of the certificate.

Object Oriented Interface

public function getSSLServerCertThumbprintSHA256();

Procedural Interface

ipworksauth_radius_get($res, 89 );

Default Value

''

Remarks

This property contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertUsage Property (IPWorksAuth_RADIUS Class)

This property contains the text description of UsageFlags .

Object Oriented Interface

public function getSSLServerCertUsage();

Procedural Interface

ipworksauth_radius_get($res, 90 );

Default Value

''

Remarks

This property contains the text description of SSLServerCertUsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLServerCertUsageFlags Property (IPWorksAuth_RADIUS Class)

This property contains the flags that show intended use for the certificate.

Object Oriented Interface

public function getSSLServerCertUsageFlags();

Procedural Interface

ipworksauth_radius_get($res, 91 );

Default Value

0

Remarks

This property contains the flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:

Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLServerCertVersion Property (IPWorksAuth_RADIUS Class)

This property contains the certificate's version number.

Object Oriented Interface

public function getSSLServerCertVersion();

Procedural Interface

ipworksauth_radius_get($res, 92 );

Default Value

''

Remarks

This property contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLServerCertSubject Property (IPWorksAuth_RADIUS Class)

This is the subject of the certificate used for client authentication.

Object Oriented Interface

public function getSSLServerCertSubject();

Procedural Interface

ipworksauth_radius_get($res, 93 );

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

Data Type

String

SSLServerCertEncoded Property (IPWorksAuth_RADIUS Class)

This is the certificate (PEM/Base64 encoded).

Object Oriented Interface

public function getSSLServerCertEncoded();

Procedural Interface

ipworksauth_radius_get($res, 94 );

Default Value

''

Remarks

This is the certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.

When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.

This property is read-only and not available at design time.

Data Type

Binary String

Timeout Property (IPWorksAuth_RADIUS Class)

This property includes the timeout for the class.

Object Oriented Interface

public function getTimeout();


public function setTimeout($value);

Procedural Interface

ipworksauth_radius_get($res, 95 );


ipworksauth_radius_set($res, 95, $value );

Default Value

60

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the class will wait for the operation to complete before returning control.

The class will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the class fails with an error.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Data Type

Integer

User Property (IPWorksAuth_RADIUS Class)

The name of the user to authenticate.

Object Oriented Interface

public function getUser();


public function setUser($value);

Procedural Interface

ipworksauth_radius_get($res, 96 );


ipworksauth_radius_set($res, 96, $value );

Default Value

''

Remarks

This property holds the name of the user to authenticate.

Data Type

String

Authenticate Method (IPWorksAuth_RADIUS Class)

Authenticates the user.

Object Oriented Interface

public function doAuthenticate();

Procedural Interface

ipworksauth_radius_do_authenticate($res);

Remarks

This method authenticates the user with the RADIUS server.

If authentication is successful this method returns without error. If authentication fails this method will throw an exception.

This following properties are applicable when calling this method:

• User (required)
• Password (required)
• SharedSecret (required)
• RemoteHost (required)
• RemotePort
• Timeout

Config Method (IPWorksAuth_RADIUS Class)

Sets or retrieves a configuration setting.

Object Oriented Interface

public function doConfig($configurationstring);

Procedural Interface

ipworksauth_radius_do_config($res, $configurationstring);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoEvents Method (IPWorksAuth_RADIUS Class)

This method processes events from the internal message queue.

Object Oriented Interface

public function doEvents();

Procedural Interface

ipworksauth_radius_do_doevents($res);

Remarks

When DoEvents is called, the class processes any available events. If no events are available, it waits for a preset period of time, and then returns.

Interrupt Method (IPWorksAuth_RADIUS Class)

This method interrupts the current method.

Object Oriented Interface

public function doInterrupt();

Procedural Interface

ipworksauth_radius_do_interrupt($res);

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

Reset Method (IPWorksAuth_RADIUS Class)

Resets the class properties to their default values.

Object Oriented Interface

public function doReset();

Procedural Interface

ipworksauth_radius_do_reset($res);

Remarks

This method resets the properties to their default values.

Attribute Event (IPWorksAuth_RADIUS Class)

Fires for each attribute that is received.

Object Oriented Interface

public function fireAttribute($param);

Procedural Interface

ipworksauth_radius_register_callback($res, 1, array($this, 'fireAttribute'));

Parameter List

 'attributetype'
 'name'
 'value'

Remarks

This event fires once for each attribute that is received. This will fire when calling Authenticate.

AttributeType is the attribute type. Common values are:

Name is the text description of the attribute.

Value is the value of the attribute.

Error Event (IPWorksAuth_RADIUS Class)

Fired when information is available about errors during data delivery.

Object Oriented Interface

public function fireError($param);

Procedural Interface

ipworksauth_radius_register_callback($res, 2, array($this, 'fireError'));

Parameter List

 'errorcode'
 'description'

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (IPWorksAuth_RADIUS Class)

Fires with log information during processing.

Object Oriented Interface

public function fireLog($param);

Procedural Interface

ipworksauth_radius_register_callback($res, 3, array($this, 'fireLog'));

Parameter List

 'loglevel'
 'message'
 'logtype'

Remarks

This event fires during processing with log information. The level of detail that is logged is controlled via the LogLevel.

LogLevel indicates the level of message. Possible values are:

LogMessage is the log entry.

LogType indicates the type of log. Possible values are:

• "REQUEST"
• "RESPONSE"

SSLServerAuthentication Event (IPWorksAuth_RADIUS Class)

Fired after the server presents its certificate to the client.

Object Oriented Interface

public function fireSSLServerAuthentication($param);

Procedural Interface

ipworksauth_radius_register_callback($res, 4, array($this, 'fireSSLServerAuthentication'));

Parameter List

 'certencoded'
 'certsubject'
 'certissuer'
 'status'
 'accept'

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (IPWorksAuth_RADIUS Class)

Fired when secure connection progress messages are available.

Object Oriented Interface

public function fireSSLStatus($param);

Procedural Interface

ipworksauth_radius_register_callback($res, 5, array($this, 'fireSSLStatus'));

Parameter List

 'message'

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

Config Settings (RADIUS Class)

RADIUS Config Settings

UDP Config Settings

Socket Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Base Config Settings

Trappable Errors (RADIUS Class)

RADIUS Errors

UDP Errors

TCP/IP Errors