How to use coaps to connect device to thingsboard - thingsboard

I want to put some temperature data to thingsboard cloud platform via coap. However, the example code only supports the "coaps://...." format. Once I put in the "coap://coap.thingsboard.cloud/api/v1/$ACCESS_TOKEN/telemetry" format, it gives me "incorrect protocol in server uri". What is the difference between coaps and coap? Is it related to the website address? How to use coaps to connect device to thingsboard?

"coap:" is CoAP sent plain / unencrypted directly over UDP.
"coaps:" is CoAP sent encrypted using DTLS over UDP.
If you use "coaps:", your device must support DTLS, and in most cases you need valid credentials (PSK, RawPublicKey, or x509) in order to connect. In some cases, the client is anonymous on the DTLS level and then authenticates itself on the CoAP layer (custom token or similar).
It's pretty much the same as "http:" and "https:", even the anonymous client and the authentication on the HTTP level.
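The scheme distinction in the answer above can be checked before a device is deployed. The sketch below is an added example, not code from the original post or from ThingsBoard. It classifies a server URI, applies the RFC 7252 default ports, and flags a token in the path that would travel unencrypted. The function name, the `token_segment` parameter and the sample token are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Default UDP ports from RFC 7252: 5683 for coap, 5684 for coaps.
SCHEMES = {
    "coap": {"port": 5683, "transport": "UDP (plaintext)", "encrypted": False},
    "coaps": {"port": 5684, "transport": "DTLS over UDP", "encrypted": True},
}


def check_coap_uri(uri, token_segment=2):
    """Classify a CoAP server URI and flag a credential exposed in cleartext.

    token_segment is the index of the path segment assumed to hold the device
    token; 2 matches the /api/v1/<token>/telemetry layout in the question.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme {scheme!r}: expected coap or coaps")
    info = SCHEMES[scheme]
    segments = parts.path.strip("/").split("/")
    has_token = len(segments) > token_segment and segments[token_segment] != ""
    if has_token:
        segments[token_segment] = "<redacted>"  # never log the real token
    port = parts.port or info["port"]
    findings = []
    if has_token and not info["encrypted"]:
        findings.append("access token in URI path is sent unencrypted")
    if info["encrypted"]:
        findings.append("client needs DTLS support and usually credentials "
                        "(PSK, RawPublicKey or x509)")
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": port,
        "transport": info["transport"],
        "encrypted": info["encrypted"],
        "safe_to_log": f"{scheme}://{parts.hostname}:{port}/" + "/".join(segments),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample URIs; CONSTRUCTED_TOKEN is a placeholder, not a real token.
    for sample in ("coap://coap.thingsboard.cloud/api/v1/CONSTRUCTED_TOKEN/telemetry",
                   "coaps://coap.thingsboard.cloud/api/v1/CONSTRUCTED_TOKEN/telemetry"):
        result = check_coap_uri(sample)
        print(result["safe_to_log"], "|", result["transport"], "|", result["findings"])
```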

Related

How can we stop a client connection from Mosquitto broker?

I have multiple devices sending messages to a Mosquitto broker. I would like to manage a kind of device revocation so that when a device is revoked, the Mosquitto broker automatically closes the connection for this specific device.
Is there any command or way to ask the broker to explicitly close a connection to a specific client?
Thanks in advance,
hak
I do not think you can kick an already connected client.
But what you can do, if using the authentication plugin (either a 3rd-party one or the included dynamic security plugin), is change the ACL that the user can publish/subscribe to, which should effectively stop the client sending or receiving any messages, and when it next tries to connect it will not be allowed.

Send LoRaWAN downlink message through ThingPark Community Network Server

How can an Application Server send a downlink message to a LoRaWAN end device connected to Actility ThingPark Community platform?
ThingPark Community Platform offers a REST API to allow Application Servers to send a downlink message to an end-device. Every HTTP request sent to that API needs to be validated by a one-time token so that ThingPark can verify the integrity of the request.
The interface between ThingPark Enterprise Network Server and an external Application Server is described in the TPE LRC AS tunnel interface development guide.
For a quick test please check our simple javascript example.
Don't forget to update the constants at the beginning of the script.
The AS_KEY is the Tunnel Interface Authentication Key that you set on the CREATE HTTP APPLICATION form.
The AS_ID is the Application ID that you can see once you have created the application.
If you prefer testing with curl see our curl test shell script.
Please note that this script does not calculate the one-time token. You need to calculate it yourself according to the Tunnel interface development guide or by studying the former javascript code.

freeRadius using EAP with custom auth script

I am attempting to set up a freeradius server to authenticate against a web service. The reason for this is that there is a complicated workflow involving account status and MAC address. The workflow seemed out of place to be in freeradius. So my user names and encrypted passwords are stored remotely to the radius server. Everything works fine using radclient to test. When I started using the Access Point, I learned it only communicates with the radius server via eap-tls. This means that the User-Password argument is not available for my script.
Is there a way to have eap auth check for user authentication against my script? By this I mean, can I get the password to send to my secondary service?
Alternately, is there a way to get the User-Password from the encrypted eap-message data?
Access points don't usually place restrictions on the EAP type. The device connecting to the AP negotiates an EAP type with FreeRADIUS. If it's using EAP-TLS it's probably a windows machine that hasn't been configured to do anything different.
Investigate EAP flavours to find out which ones are available. If you have EAP-TTLS-PAP you can send the plaintext password from the wireless client, and use it to authenticate against the web service.
In FreeRADIUS v3.0.x there's an rlm_rest module, which can perform basic auth on behalf of the user, with very little configuration.

How to convert an OMA-DM protocol message to an LWM2M message?

I am working on a device management solution for an IoT device. The device will host an LWM2M client. A gateway device (currently an Intel Galileo board), will host an OMA-DM client and a LWM2M server.
The general scenario is that the nodes should be able to be managed by any OMA-DM or LWM2M compliant device management server.
In case of an OMA-DM server, the commands will be sent to the gateway where they will be received by an OMA-DM client and passed on to the nodes directly as LWM2M commands or the client will use the APIs of the LWM2M server to create and send the message/command.
As such I wanted to know if there is any solution currently available that can help with this.
OR
Are there any guides or papers or any information of any kind to help me implement this solution?
OMA has something called the LwM2M gateway which interfaces an OMA-DM server to an LwM2M Server. So check out the MAI (Mobile Application Interface) gateway specs (which I don't think are finalized yet).

Security - Ejabberd - Validate Client

I have installed Ejabberd on our AWS server.
We are developing an iOS messenger app and we don't want other clients to access our messaging server other than our iOS app.
All the ejabberd services should be accessible only by our iOS app:
To register
To login
To send message and use any other service.
What configurations and settings do I have to apply to secure our server?
There is no 100% way to disable other clients from mimicking your own client. You may use a different protocol, or one more layer of encryption, or special marks that allow your server to make sure that the client is yours. But if someone has the desire to write his own client, he'll use your own client to understand what should be sent on the wire.
XMPP is built on top of TCP, so there is no good way of restricting access to the server socket. If you want to be compliant with XMPP you need to use encryption, otherwise use your own custom protocol (like Skype).
