MIRACL Trust® SSO RADIUS allows you to configure one or more RADIUS hosts for which One-Time-Passwords (OTPs) can be generated. Once you have set up a host, it is possible to go to your mobile app to login with the pinpad in order to be issued with an OTP which is valid for a default of 90 seconds. This password can then be used to login to your RADIUS-configured application.
Once installed, the use of MIRACL Trust® SSO RADIUS involves managing a single config.json file which is located in the
/etc/srv-radius/ directory. In the config, it is possible to enable usage of the Microsoft PEAP protocol in order to allow using authentication protocols like MS-CHAPv2 with a secure tunnel.
The steps involved are:
Create a new MIRACL Trust® RADIUS app in the MIRACL Trust® authentication portal to generate a url at which your end users can register
Install your MIRACL Trust® SSO RADIUS server
Configure your MIRACL Trust® SSO RADIUS server and RADIUS client / VPN server (OpenVPN, Cisco Anyconnect etc.)
The following diagram gives a high-level overview of the components involved:
These can be enabled/disabled in the config.json file in the protocols section:
"protocols": ["pap", "chap", "mschapv1", "peap"]