RADIUS enables communication between remote access servers and a central server using secure token authentication.
Access Manager supports both PIN and challenge-and-response methods of token-based authentication. RADIUS represents token-based authentication methods to authenticate a user, based on something a user possesses. For example, a token card. Token challenge-response is supported for two-step processes that are necessary to authenticate a user.
Perform the following steps to configure RADIUS authentication:
On the Home page, click Identity Servers> [cluster name] > Classes > Plus icon.
Under General, select Radius or ProtectedRadius from the list.
Click Next.
Click New to add an IP address for the RADIUS server.
You can add additional servers for failover purposes.
Click OK.
Specify the following details:
|
Field |
Description |
|---|---|
|
Class Name |
Select the name of the class. |
|
Primary Server |
The port of the RADIUS server. |
|
Shared Secret |
The RADIUS shared secret. |
|
Reply Time |
The total time to wait for a reply in milliseconds. |
|
Resend Time |
The time to wait in milliseconds between requests. |
|
Server Failure Retry |
The time in milliseconds that must elapse before a failed server is retried. |
|
JSP |
Specify the name of the login page if you want to use something other than the default page. The filename must be specified without the JSP extension. The default page is used if nothing is specified. |
|
Use Look Attribute Name |
Specify the LDAP attribute on which the user will be searched in the Radius server. CN is the default attribute. |
|
Require Password |
Toggle to require the user to also specify an LDAP password. |
Click Save.
Create a method for this class.
Create a contract for the method.
See Section 6.1.4, Configuring Authentication Contracts.
If you want to make the users’ credentials available for Identity Injection policies and you did not select Require Password, add the password fetch method as a second method to the contract. For more information about this class and method, see Password Retrieval.
Update Identity Server.