Authenticate with the Junos XML Protocol Server for Cleartext or SSL Connections
A Junos XML protocol client application that uses the cleartext or SSL protocol must authenticate with the Junos XML protocol server. (Applications that use the SSH or Telnet protocol use the protocol’s built-in authentication mechanism.)
The cleartext protocol is a Junos XML protocol-specific protocol for sending unencrypted text over a TCP connection. Because the protocol sends all text unencrypted, including the username and password in the authentication exchange, it creates a potential security vulnerability. We recommend that you use SSH.
Submitting an Authentication Request
The client application begins the authentication process by emitting an <rpc> tag enclosing the <request-login> element. The <request-login> element encloses the <username> element to specify the Junos OS account (username) under which to establish the connection. You can choose whether the application provides the account password as part of the initial tag sequence.
Any XML special characters in the username or password elements of a <request-login> RPC request must be escaped. Special characters include: greater than (>), less than (<), single quote ('), double quote ("), and ampersand (&). Both entity references and character references are acceptable escape sequence formats. For example, &amp; and &#38; are valid representations of an ampersand.
Providing the Username and Password
An application initially provides both the username and password in the following scenarios:
- The application automates access to Junos device information and does not interact with users.
- The application obtains the password from a user before beginning the authentication process.
To provide both the username and password, the application emits the following tag sequence:
<rpc>
  <request-login>
    <username>username</username>
    <challenge-response>password</challenge-response>
  </request-login>
</rpc>
Providing Only the Username
If the application instead obtains the password after the authentication process begins, the application initially specifies only the username.
To specify only the username and omit the password, the application emits the following tag sequence:
<rpc>
  <request-login>
    <username>username</username>
  </request-login>
</rpc>
In this case, the Junos XML protocol server returns an <rpc-reply> element with the <challenge> tag to request the password associated with the username. The <challenge> element encloses the Password: string, which the client application can forward to the screen as a prompt for the user. The echo="no" attribute specifies that the password string typed by the user does not echo on the screen. The tag sequence is as follows:
<rpc-reply xmlns:junos="URL">
  <challenge echo="no">Password:</challenge>
</rpc-reply>
The client application obtains the password and emits the following tag sequence to forward it to the Junos XML protocol server:
<rpc>
  <request-login>
    <username>username</username>
    <challenge-response>password</challenge-response>
  </request-login>
</rpc>
Interpreting the Authentication Response
After it receives the username and password, the Junos XML protocol server emits the <authentication-response> element to indicate whether the authentication attempt is successful.
Server Response When Authentication Succeeds
If the password is correct, the authentication attempt succeeds and the Junos XML protocol server emits the following tag sequence:
<rpc-reply xmlns:junos="URL">
  <authentication-response>
    <status>success</status>
    <message>username</message>
    <login-name>remote-username</login-name>
  </authentication-response>
</rpc-reply>
The <authentication-response> child elements are:
- <status>: Status of the authentication request.
- <message>: The Junos username under which the connection is established.
- <login-name>: The username that the client application provided to an authentication utility such as RADIUS or TACACS+. This element appears only if the username differs from the username contained in the <message> element.
After the user is successfully authenticated, the Junos XML protocol session begins, as described in Starting Junos XML Protocol Sessions.
Server Response When Authentication Fails
If the password is not correct or the <request-login> element is otherwise malformed, the authentication attempt fails and the Junos XML protocol server emits the following tag sequence:
<rpc-reply xmlns:junos="URL">
  <authentication-response>
    <status>fail</status>
    <message>error-message</message>
  </authentication-response>
</rpc-reply>
The error-message string in the <message> element explains why the authentication attempt failed. The Junos XML protocol server emits the <challenge> tag up to two more times before rejecting the authentication attempt and closing the connection.
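The escaping rule for <request-login> and the three server replies described on this page, as an added Python example (not Juniper code). The function names, the sample account names, and the assumption that each reply arrives as one complete <rpc-reply> document shaped like the sequences above are illustrative.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# escape() handles &, < and > itself; the quote characters are added here.
QUOTES = {'"': "&quot;", "'": "&apos;"}

# Constructed sample replies, shaped like the tag sequences on this page.
CHALLENGE = ('<rpc-reply xmlns:junos="URL">'
             '<challenge echo="no">Password:</challenge></rpc-reply>')
SUCCESS = ('<rpc-reply xmlns:junos="URL"><authentication-response>'
           '<status>success</status><message>admin</message>'
           '<login-name>jdoe</login-name>'
           '</authentication-response></rpc-reply>')
FAIL = ('<rpc-reply xmlns:junos="URL"><authentication-response>'
        '<status>fail</status><message>error-message</message>'
        '</authentication-response></rpc-reply>')


def build_request_login(username, password=None):
    """Build the <request-login> RPC; password=None sends only the username."""
    lines = ["<rpc>", "<request-login>",
             "<username>%s</username>" % escape(username, QUOTES)]
    if password is not None:
        lines.append("<challenge-response>%s</challenge-response>"
                     % escape(password, QUOTES))
    return "\n".join(lines + ["</request-login>", "</rpc>"])


def interpret_reply(reply_xml):
    """Classify one <rpc-reply> as a challenge, a success or a failure."""
    root = ET.fromstring(reply_xml)
    challenge = root.find("challenge")
    if challenge is not None:
        return {"kind": "challenge", "prompt": challenge.text,
                "echo": challenge.get("echo") != "no"}
    auth = root.find("authentication-response")
    if auth is None:
        raise ValueError("no <challenge> or <authentication-response>")
    message = auth.findtext("message")
    # Fail closed: only the exact status "success" counts as authenticated.
    if auth.findtext("status") != "success":
        return {"kind": "fail", "reason": message}
    # <login-name> is present only when it differs from <message>.
    return {"kind": "success", "junos_user": message,
            "login_name": auth.findtext("login-name", default=message)}
```

Escaping the credentials before they are placed in the tag sequence keeps a password containing < or & from producing a malformed <request-login>, which the server would reject as a failed attempt.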