Signing the Redirection to ExtremeCloud IQ Controller

Signing the redirection response is a similar process to calculating the expected signature for a URL that was received at the ECP. In fact, it is the same algorithm, but the inputs to the algorithm are not taken from the request as the request is under construction.

There are only two steps involved in signing the redirection response from the ECP:

  1. Compose the pre-signed redirection URL to be signed.
    This step consists of building the request URL as described in Case 1: When a RADIUS Server Authenticates the Client or Case 2: When the ECP is the Final Authority but leaving off the X-Amz-… parameters that are required for the signature.
  2. Sign the URL, adding all parameters to the URL that are required to sign it.
    This step consists of generating the signature, then appending all the X-Amz-… parameters used to the URL. This processing is described in Building the String to Sign, Creating the Signing Key, and Creating the Signature and Verifying the Request.
9037872-01 Rev AA