

RADIUS Configurations
If configured, AuthMinder can serve as a RADIUS Server to the configured Network Access Server (NAS) or the RADIUS clients.
This section walks you through preparing request messages for the following:
- RADIUS Client
- RADIUS Server
RADIUS Client
The radiusClientConfigs element of the createRequest message is used to configure a RADIUS client. The following table lists the elements of this message:
| Element | Mandatory | Description |
|---|---|---|
| name | No | Name for the configuration. |
| status | No | Indicates the status of the configuration. |
| radiusClient | No | Contains the following elements: |
| | | - authType: The authentication mechanism that will be used for VPN authentication. The supported authentication mechanisms are RADIUS OTP, In-Band Password (to use this method, configure the credential type resolution), and EAP. |
| | | - description: A string to describe the RADIUS client. The description helps to identify the RADIUS client if multiple clients are configured. |
| | | - maxPacketSize: The packet size for the RADIUS messages. |
| | | - protocolVersion: The RADIUS version supported for the client being added. The supported values are 1.0 and 2.0. |
| | | - sharedSecret: The secret shared between the RADIUS client and AuthMinder Server. |
| | | - additionalRADIUSAttributes: Contains attributes that you want AuthMinder Server to return in the response message sent to the RADIUS client after successful authentication. The attributes are set in name-value pairs. |
| | | - defaultOrg: Name of the default organization that is supported by the RADIUS client. This attribute is used in In-Band authentication to resolve the organization name during authentication. |
| | | - orgsSupported: List of organizations that are supported by the RADIUS client. These organizations are configured at the global level. This attribute is used in In-Band authentication to resolve the organization name during authentication. |
| | | - packetDropConditions: The conditions for which the AuthMinder server will not process the RADIUS requests. The possible values are 1102 (user not found), 5800 (credential not found), 1000 (internal error), and 1051 (invalid requests). |
| radiusClient | No | - enableRetry: Indicates whether the RADIUS client should retry sending the request to AuthMinder Server if it does not receive a response. |
| | | - retryWindow: The duration, in seconds, for which the client must wait to receive a response when the enableRetry element is set to true. After this period, the retry is considered invalid. |
| eapAuthTypeData | No | Contains the following elements related to EAP authentication. Set any of the following elements: |
| | | - serverCertKeyPair/KeyPairInHSM: Set the serverCertKeyPair element to the AuthMinder Server certificate chain in PEM format. |
| | | - serverCertKeyPair/KeyPairInP12: Set cerKeyP12 to the base64-encoded format of the AuthMinder Server certificate in PKCS#12 format. Set certKeyP12Password to the password of the PKCS#12 file. |
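A pre-flight check for the radiusClient values before they go into a createRequest message, as an added example that is not CA's code. The allowed values come from the table above; the flat dict layout, the literal authType spellings, the 16-character minimum for sharedSecret, and the rule that In-Band Password needs an organization to resolve against are assumptions of this example.

```python
# Allowed values come from the element table above. The flat dict layout, the
# literal authType spellings and MIN_SECRET_LEN are assumptions of this example.
AUTH_TYPES = {"RADIUS OTP", "In-Band Password", "EAP"}
PROTOCOL_VERSIONS = {"1.0", "2.0"}
DROP_CODES = {1102, 5800, 1000, 1051}
MIN_SECRET_LEN = 16  # assumed local policy, not a product limit


def lint_radius_client(cfg):
    """Return a list of problems found in a radiusClient config dict."""
    problems = []
    auth_type = cfg.get("authType")
    if auth_type not in AUTH_TYPES:
        problems.append(f"authType {auth_type!r} is not a supported mechanism")
    if str(cfg.get("protocolVersion")) not in PROTOCOL_VERSIONS:
        problems.append("protocolVersion must be 1.0 or 2.0")
    if len(cfg.get("sharedSecret") or "") < MIN_SECRET_LEN:
        problems.append(f"sharedSecret is shorter than {MIN_SECRET_LEN} characters")
    for code in cfg.get("packetDropConditions", []):
        if code not in DROP_CODES:
            problems.append(f"packetDropConditions has unknown code {code}")
    # defaultOrg and orgsSupported resolve the organization for In-Band requests.
    if auth_type == "In-Band Password" and not (
            cfg.get("defaultOrg") or cfg.get("orgsSupported")):
        problems.append("In-Band Password has no organization to resolve against")
    # retryWindow only has meaning when enableRetry is true.
    if cfg.get("enableRetry"):
        window = cfg.get("retryWindow")
        if not isinstance(window, int) or window <= 0:
            problems.append("enableRetry is set but retryWindow is not a positive number of seconds")
    elif "retryWindow" in cfg:
        problems.append("retryWindow is set but enableRetry is not")
    if auth_type == "EAP" and not cfg.get("eapAuthTypeData"):
        problems.append("EAP is selected but eapAuthTypeData is missing")
    return problems


# Constructed sample inputs (not real deployment values).
GOOD_CFG = {"authType": "RADIUS OTP", "protocolVersion": "2.0", "enableRetry": True,
            "retryWindow": 10, "packetDropConditions": [1102, 5800],
            "sharedSecret": "constructed-sample-secret-0001"}
BAD_CFG = {"authType": "In-Band Password", "protocolVersion": "3.0",
           "sharedSecret": "radius", "packetDropConditions": [1102, 4040],
           "retryWindow": 10}

if __name__ == "__main__":
    for name, cfg in (("GOOD_CFG", GOOD_CFG), ("BAD_CFG", BAD_CFG)):
        print(name, lint_radius_client(cfg) or "ok")
```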
RADIUS Server
AuthMinder can be used as a proxy server to pass any password-based authentication requests to other servers that use the RADIUS protocol.
The radiusServerConfigs element of the createRequest message is used to configure a RADIUS server.
The following table lists the elements of this message:
| Element | Mandatory | Description |
|---|---|---|
| name | No | Name for the configuration. |
| status | No | Indicates the status of the configuration. |
| isEnabled | No | An option to enable AuthMinder Server to pass the RADIUS requests to the other configured RADIUS server. |
| useSystemConfig | No | An option to use the system configuration or the organization-level configuration. |
| radiusServers | No | Contains the following elements: |
| | | - authType: The authentication mechanism that will be used for VPN authentication. The supported authentication mechanisms are RADIUS OTP and In-Band Password. |
| | | - description: A string to describe the RADIUS server. The description helps to identify the RADIUS server if multiple servers are configured. |
| | | - maxPacketSize: The packet size for the RADIUS messages. |
| | | - protocolVersion: The RADIUS version supported for the server being added. The supported values are 1.0 and 2.0. |
| | | - sharedSecret: The secret symmetric key shared between the RADIUS server and AuthMinder Server. |
| | | - additionalRADIUSAttributes: Contains attributes that you want AuthMinder Server to forward to the RADIUS server. The attributes are set in name-value pairs. |
| | | - ipAddress: The IP address of the RADIUS server. |
| | | - port: The port number on which the RADIUS server is listening. |
| | | - readTimeout: Indicates the maximum time to wait for a response from the RADIUS server. |
| | | - retryCount: Indicates the number of times AuthMinder Server should try to connect to the RADIUS server if there is no response from the AuthMinder Server. |
| | | - failoverOrder: If multiple servers are configured, this element identifies the server priority. Based on this priority, the requests are sent to a particular server in case of failover. |
Copyright © 2014 CA Technologies. All rights reserved.