MIRACL Trust SSO RADIUS allows you to configure one or more RADIUS-supporting clients for which One Time Passwords (OTPs) can be generated. Once you have set up and connected MIRACL Trust SSO RADIUS to a client, it is possible to generate an OTP with the PIN pad - either by visiting your saved OTP url in your web browser or by going to your mobile app. This OTP will be valid for a default of 90 seconds. It can then be used to login to your RADIUS-supporting client.
Once installed, the use of MIRACL Trust SSO RADIUS involves managing a single config.json file which is located in the
/etc/srv-radius/ directory. In the config, it is possible to enable usage of the Microsoft PEAP protocol in order to allow using authentication protocols like MS-CHAPv2 with a secure tunnel.
The steps involved are:
Create a new MIRACL Trust RADIUS app in the MIRACL Trust authentication portal to receive the Client ID and Client Secret needed to set up the connection between your instance and the authentication portal, and to generate a url at which your end users can register
Install your MIRACL Trust SSO RADIUS server
Configure your MIRACL Trust SSO RADIUS server and RADIUS client / VPN server (simple ssh client, OpenVPN, Cisco Anyconnect etc.)
The following diagram gives a high-level overview of the components involved:
These can be enabled/disabled in the config.json file in the protocols section:
"protocols": ["pap", "chap", "mschapv1", "peap"]