RADIUS Authentication
RADIUS support is enabled by including the following dependency in the overlay:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-radius</artifactId>
    <version>${cas.version}</version>
</dependency>
implementation "org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}
dependencies {
    implementation "org.apereo.cas:cas-server-support-radius"
}
Configuration
The following settings and properties are available from the CAS configuration catalog:
cas.authn.radius.client.inet-address=localhost
Server address to connect and establish a session.

cas.authn.radius.client.shared-secret=N0Sh@ar3d$ecReT
Secret/password to use for the initial bind.

cas.authn.radius.password-encoder.encoding-algorithm=
The encoding algorithm to use such as

cas.authn.radius.password-encoder.type=NONE
Define the password encoder type to use. Type may be specified as blank or

cas.authn.radius.principal-transformation.groovy.location=
The location of the resource. Resources can be URLs, or files found either on the classpath or outside somewhere in the file system.

cas.authn.radius.client.accounting-port=1813
The accounting port.

cas.authn.radius.client.authentication-port=1812
The authentication port.

cas.authn.radius.client.socket-timeout=0
Socket connection timeout in milliseconds.

cas.authn.radius.client.transport-type=UDP
Transport type to use by this client to connect to the server. Available values are as follows:

cas.authn.radius.failover-on-authentication-failure=false
Whether authentication errors should be skipped and fail over to the next server.

cas.authn.radius.failover-on-exception=false
Whether catastrophic errors should be skipped and fail over to the next server.

cas.authn.radius.name=
The name of the authentication handler.

cas.authn.radius.server.nas-identifier=
The NAS identifier.

cas.authn.radius.server.nas-ip-address=
The NAS IP address.

cas.authn.radius.server.nas-ipv6-address=
The NAS IPv6 address.

cas.authn.radius.server.nas-port=-1
The NAS port.

cas.authn.radius.server.nas-port-id=-1
The NAS port id.

cas.authn.radius.server.nas-port-type=-1
The NAS port type.

cas.authn.radius.server.nas-real-port=-1
The NAS real port.

cas.authn.radius.server.protocol=EAP_MSCHAPv2
Radius protocol to use when communicating with the server.

cas.authn.radius.server.retries=3
Number of retry attempts when dealing with connection and authentication failures.

cas.authn.radius.state=
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.

cas.authn.radius.password-encoder.character-encoding=UTF-8
The encoding algorithm to use such as 'UTF-8'. Relevant when the type used is

cas.authn.radius.password-encoder.secret=
Secret to use with

cas.authn.radius.password-encoder.strength=16
Strength or number of iterations to use for password hashing. Usually relevant when dealing with

cas.authn.radius.principal-transformation.blocking-pattern=
A regular expression that will be used against the username to match for blocking/forbidden values. If a match is found, an exception will be thrown and principal transformation will fail.

cas.authn.radius.principal-transformation.case-conversion=NONE
Indicate whether the principal identifier should be transformed into upper-case, lower-case, etc. Available values are as follows:

cas.authn.radius.principal-transformation.pattern=
A regular expression that will be used against the provided username for username extractions. On a successful match, the first matched group in the pattern will be used as the extracted username.

cas.authn.radius.principal-transformation.prefix=
Prefix to add to the principal id prior to authentication.

cas.authn.radius.principal-transformation.suffix=
Suffix to add to the principal id prior to authentication.
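
The catalog defaults above include a published shared secret, a socket timeout of 0 and a configurable failover on authentication failure. As an added example (not part of the CAS documentation or code base), this Python script audits an overlay's cas.authn.radius.* properties for those three settings. The function names, the 16-character minimum and the reading of a 0 timeout as "no timeout" are assumptions, and the sample configuration is constructed.

```python
# Added example: audit cas.authn.radius.* settings. Not CAS project code.
PREFIX = "cas.authn.radius."
DOC_DEFAULT_SECRET = "N0Sh@ar3d$ecReT"  # default shown in the catalog above
MIN_SECRET_LEN = 16                     # assumed local policy, not a CAS rule

# Constructed sample overlay configuration, for illustration only.
SAMPLE = """\
# RADIUS handler
cas.authn.radius.client.inet-address=radius.example.org
cas.authn.radius.client.shared-secret=N0Sh@ar3d$ecReT
cas.authn.radius.client.socket-timeout=0
cas.authn.radius.failover-on-authentication-failure=true
"""


def parse_properties(text):
    """Parse simple key=value lines; skip blanks and '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_radius(props):
    """Return (setting, finding) pairs; unset keys fall back to catalog defaults."""
    def get(name, default):
        return props.get(PREFIX + name, default)

    findings = []
    secret = get("client.shared-secret", DOC_DEFAULT_SECRET)
    if secret == DOC_DEFAULT_SECRET:
        findings.append(("client.shared-secret", "documented default is in use"))
    elif not secret.startswith("${") and len(secret) < MIN_SECRET_LEN:
        # A ${...} placeholder is resolved at runtime, so its length is unknown here.
        findings.append(("client.shared-secret", "shorter than MIN_SECRET_LEN"))
    if get("client.socket-timeout", "0") == "0":
        # Assumption: 0 disables the timeout, so a silent server can stall logins.
        findings.append(("client.socket-timeout", "no socket timeout set"))
    if get("failover-on-authentication-failure", "false").lower() == "true":
        findings.append(("failover-on-authentication-failure",
                         "a rejected login is retried against the next server"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_radius(parse_properties(SAMPLE)):
        print(f"{PREFIX}{setting}: {finding}")
```

Because unset keys are evaluated with the catalog defaults, an overlay that never sets the shared secret or the socket timeout is reported the same way as one that sets them to the default values.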