RADIUS Overview

MIRACL Trust® SSO RADIUS allows you to configure one or more RADIUS hosts for which One-Time Passwords (OTPs) can be generated. Once you have set up a host, you can log in to your mobile app with the pinpad and be issued an OTP, which is valid for a default of 90 seconds. This password can then be used to log in to your RADIUS-configured application.

Once installed, MIRACL Trust® SSO RADIUS is managed through a single config.json file, located in the /etc/srv-radius/ directory. In this config you can enable the Microsoft PEAP protocol, which allows authentication protocols such as MS-CHAPv2 to run inside a secure tunnel.

The steps involved are:

  1. Create a new MIRACL Trust® RADIUS app in the MIRACL Trust® authentication portal to generate a URL at which your end users can register

  2. Install your MIRACL Trust® SSO RADIUS server

  3. Configure your MIRACL Trust® SSO RADIUS server and RADIUS client / VPN server (OpenVPN, Cisco AnyConnect etc.)

  4. End users can then use the MIRACL Trust® SSO mobile app to generate One-Time Passwords (associated with the same email they registered with in step 2) which allow them to log in to the RADIUS client / VPN server

The following diagram gives a high-level overview of the components involved:


Supported Protocols

MIRACL Trust® SSO RADIUS supports the PAP, CHAP, MSCHAPv1 and PEAPv0/MSCHAPv2 RADIUS protocols.

Each protocol can be enabled or disabled in the protocols section of the config.json file:

"protocols": ["pap", "chap", "mschapv1", "peap"]
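
A configuration check for the protocols section, as an added example that is not part of the MIRACL Trust® product or its documentation. The function name audit_protocols is hypothetical; only the "protocols" key and its four values come from this page, and the check assumes names are matched exactly as written above.

```python
import json

# Protocol names as listed on this page for the "protocols" section.
SUPPORTED = {"pap", "chap", "mschapv1", "peap"}
# Of those, only PEAP wraps the authentication exchange in a TLS tunnel.
TUNNELLED = {"peap"}


def audit_protocols(config_text):
    """Return (enabled, findings) for the "protocols" list of a config.json body."""
    config = json.loads(config_text)
    protocols = config.get("protocols") if isinstance(config, dict) else None
    if not isinstance(protocols, list) or not protocols:
        return [], ["'protocols' is missing or empty"]
    enabled, findings = [], []
    for entry in protocols:
        # Assumption: names are matched exactly as shown on the page.
        if not isinstance(entry, str) or entry not in SUPPORTED:
            findings.append(f"unrecognised protocol entry: {entry!r}")
        elif entry in enabled:
            findings.append(f"duplicate entry: {entry}")
        else:
            enabled.append(entry)
            if entry not in TUNNELLED:
                findings.append(f"{entry} is enabled and runs without a TLS tunnel")
    if "peap" not in enabled:
        findings.append("peap is not enabled, so no tunnelled protocol is available")
    return enabled, findings


if __name__ == "__main__":
    # Constructed sample: the protocols line shown above, wrapped in braces.
    # On a server, read /etc/srv-radius/config.json instead.
    sample = '{"protocols": ["pap", "chap", "mschapv1", "peap"]}'
    enabled, findings = audit_protocols(sample)
    print("enabled:", ", ".join(enabled))
    for finding in findings:
        print("finding:", finding)
```

A list containing only "peap" produces no findings; whether the untunnelled protocols can be dropped depends on what your RADIUS client / VPN server supports.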