Developing and Customizing the Sample IDP Captive Portal

The /webapp directory on the SRC application library CD contains the idpPortal.war file. The idpPortal.war file provides:

• Complete source code for the IDP captive portal in the WEB-INF/src directory
• Documentation for the Java classes used in the sample IDP captive portal in the /javadoc directory

For information about expanding the idpPortal.war file, see Configuring Properties for the Sample IDP Captive Portal .

The IDP captive portal uses the SAE CORBA remote application programming interface (API) to perform actions such as activating, deactivating, or scheduling services. For information about the SAE CORBA remote API, see the SAE CORBA remote API online documentation on the SRC software distribution in the directory SDK/doc/idl/index.html.

The tasks to deploy the sample IDP captive portal are:

1.  Configuring Properties for the Sample IDP Captive Portal
2.  Deploying the Updated WAR File
3.  Accessing the IDP Captive Portal
4.  Configuring the Redirect Server to Redirect Traffic to the IDP Captive Portal

Configuring Properties for the Sample IDP Captive Portal

The sample IDP captive portal provided with the SRC software is designed to be used with the IDP integration implementation and the sample data. To use the sample IDP captive portal, edit the WEB-INF/portal.props. The /opt/UMC/idp/idpPortal.war file contains the WEB-INF/portal.props file.

To edit the WEB-INF/portal.props file:

1. Copy the idpPortal.war file to a temporary folder, and work in that folder.
2. Extract the WEB-INF/portal.props file from the idpPortal.war file.

   jar xvf idpPortal.war WEB-INF/portal.props

3. With a text editor, edit the WEB-INF/portal.props file:
   • Review the basic portal properties, and update as needed.

     See Basic Portal Properties.

   • Review the entries for the SAE locator, and change them as needed to accommodate your SRC configuration.

     See Locator Properties.

   • Configure properties in the network information collector (NIC) proxy configuration section of the file.

     For information about the values to configure for NIC properties, see Overview of NIC Proxy Configuration.

4. Replace the WEB-INF/portal.props file and any other updated files in the idpPortal.war file.

   jar uvf idpPortal.war WEB-INF/portal.props

Basic Portal Properties

In the WEB-INF/portal.props file, you can modify the following properties. These properties specify how the portal uses records received from IDP.

Attack.Record.number

• Maximum number of incident records to be stored for use by the IDP captive portal.
• Value—Integer in the range 1–2147483648
• Default—100

Attack.Record.removeStep

• Number of records to be deleted when the number of records stored reaches the limit specified by the Attack.Record.number property. The records are sequentially removed, starting with the oldest record, then the next oldest, and so forth.
• Value—<number>
• Guidelines—This number must be less than the value configured for Attack.Record.number.
• Default—10

DateTime.Format

• Format in which to display the date and time of an incident.
• Value—yyyy/MM/dd hh:mm:ss, where yyyy represents the year, MM the month, dd the day, hh the hour, mm the minute, and ss the second
• Guidelines—For more information about this property, including its value see

  http://java.sun.com/j2se/1.4.2/docs/api/java/text/SimpleDateFormat.html

• Default—No value

<incident-name>

• Name of a parameter that indicates the type of security incident encountered, and provides a description of the parameter.
• Value—<parameter>=<description>
• Guidelines—Enter the parameter and description in the section ” Attack Name and the corresponding description.”

  For information about security parameters, see the IDP documentation at

  http://www.juniper.net/techpubs/software/management/idp/

• Default—No value
• Example

  ICMP.EXPLOIT.FLOOD = Network traffic that is flooded by ICMP Echo Request Packet

  TROJAN.AUTOPROXY.INFECTED-HOST = AutoProxy trojan attempts to contact a master server and register the IP address and open ports of the infected host

Attack.Captive.service

• Name of the service for the IDP captive portal. The IDP management server activates this service for subscribers who receive or send malicious traffic. If you use a “ remind me later” control on the Web page and the subscriber selects this control, the portal deactivates this service and schedules service activation for a later time. If you use a “ don't show this page again” control and the subscriber selects this control, the portal deactivates this service.
• Value—<service name>
• Default—Quarantine

Attack.showRemindLater

• Specifies whether the IDP captive portal page provides the Remind me again in field. This field lets subscribers specify a time at which the portal reminds them of the security incident.
• Value—true or false
• Default—true

Attack.showIgnore

• Specifies whether the IDP captive portal page provides the Don’t show this page again field. The field lets subscribers stop display of the captive portal page for incidents that have already been detected. The portal displays another page when another incident occurs.
• Value—true or false
• Default—true

Locator Properties

In the WEB-INF/portal.props file, you can modify the following properties. Change these properties to conform to your configuration.

Factory.locator

• Method that the portal uses to locate the SAE.
• Value
  • net.juniper.smgt.ssp.LocalFeatureLocator—Uses the locally configured object reference
  • net.juniper.smgt.ssp.DistributedFeatureLocator—Uses NIC configuration
• Guidelines—If you specify net.juniper.smgt.ssp.LocalFeatureLocator, configure a value for LocalFeatureLocator.objectRef.

LocalFeatureLocator.objectRef

• Location of the SAE server.
• Value—Location in one of the following formats:
  • Absolute path to the interoperable object reference (IOR) file in the form file://<absolutePath>
  • Corbaloc URL in the format corbaloc::<host>:<port>/SAE
    • <host>—IP address or host on which the SAE is installed.
    • <port>—Port used by the SAE on the specified host. The default is 8801.
  • The actual IOR in the form IOR:<objectReference>
• Default—No value
• Examples
  • Absolute path—file:///opt/UMC/sae/var/run/sae.ior
  • corbaloc URL—corbaloc::10.10.6.171:8801/SAE
  • Actual IOR—

    IOR:000000000000002438444C3A736D67742E6A756E697...

DistributedFeatureLocator.locName

• Namespace for the NIC proxy configuration.
• Value—<namespace>
• Default—/, which indicates the root namespace
• Example—DistributedFeatureLocator.locName = /nicProxy indicates that the NIC proxy configuration is in /nicProxy.

Config.java.naming.provider.url

• Location of the LDAP server.
• Value—ldap://<IP address>:<port number>
• Default—No value
• Example—ldap://127.0.0.1:389

Config.net.juniper.smgt.des.backup_provider_urls

• Location of a backup LDAP server.
• Value—ldap://<IP address>:<port number>, with more than one URL separated by commas
• Default—No value

Deploying the Updated WAR File

To deploy the updated WAR file for the application:

• Copy the file to the deployment directory for your Web server.

  If you are using JBoss, copy the file to the /opt/UMC/jboss/server/default/deploy directory. JBoss automatically starts the Web application when a new WAR file is copied into the deploy directory.

Accessing the IDP Captive Portal

Access the portal to ensure that you can view the page and to review the page setup. To access the IDP captive portal:

• Enter a URL in the following form in your Web browser, and press Enter.

  http(s)://<host>:<port>/idpPortal

Configuring the Redirect Server to Redirect Traffic to the IDP Captive Portal

To configure the redirect server to redirect Web requests to the IDP captive portal:

1. Follow the instructions for configuring the redirect server in Overview of the Residential Portal .
2. In the /opt/UMC/redir/etc/redir.properties file, specify the URL of the IDP captive portal for the redir.url property. This entry has the form

   redir.url=http(s)://<host>:<port>/idpPortal/PortalDisplay.jsp