Authenticate with the Junos XML Protocol Server for Cleartext or SSL Connections

The client application begins the authentication process by emitting an <rpc> tag enclosing the <request-login> element. In the <request-login> element, it encloses the <username> element to specify the Junos OS account (username) under which to establish the connection. The account must already be configured on the Junos XML protocol server device, as described in Satisfying the Prerequisites for Establishing a Connection to the Junos XML Protocol Server. You can choose whether or not the application provides the account password as part of the initial tag sequence.

Providing the Password with the Username

To provide the password along with the username, the application emits the following tag sequence:

This tag sequence is appropriate if the application automates access to routing, switching, or security platform information and does not interact with users, or obtains the password from a user before beginning the authentication process.

Providing Only the Username

To omit the password and specify only the username, the application emits the following tag sequence:

This tag sequence is appropriate if the application does not obtain the password until the authentication process has already begun. In this case, the Junos XML protocol server returns the <challenge> tag within an <rpc-reply> element to request the password associated with the username. The element encloses the Password: string, which the client application can forward to the screen as a prompt for a user. The echo="no" attribute in the opening <challenge> tag specifies that the password string typed by the user does not echo on the screen. The tag sequence is as follows:

The client application obtains the password and emits the following tag sequence to forward it to the Junos XML protocol server:

After it receives the username and password, the Junos XML protocol server emits the <authentication-response> element to indicate whether the authentication attempt is successful.

Server Response When Authentication Succeeds

If the password is correct, the authentication attempt succeeds and the Junos XML protocol server emits the following tag sequence:

The <message> element contains the Junos username under which the connection is established.

The <login-name> element contains the username that the client application provided to an authentication utility such as RADIUS or TACACS+. This element appears only if the username differs from the username contained in the <message> element.

The Junos XML protocol session begins, as described in Starting Junos XML Protocol Sessions.

Server Response When Authentication Fails

If the password is not correct or the <request-login> element is otherwise malformed, the authentication attempt fails and the Junos XML protocol server emits the following tag sequence:

The error-message string in the <message> element explains why the authentication attempt failed. The Junos XML protocol server emits the <challenge> tag up to two more times before rejecting the authentication attempt and closing the connection.