RADIUS Overview

MIRACL Trust SSO RADIUS allows you to configure one or more RADIUS-supporting clients for which One Time Passwords (OTPs) can be generated. Once you have set up MIRACL Trust SSO RADIUS and connected it to a client, you can generate an OTP with the PIN pad, either by visiting your saved OTP URL in your web browser or by going to your mobile app. By default, this OTP is valid for 90 seconds. It can then be used to log in to your RADIUS-supporting client.

Once installed, MIRACL Trust SSO RADIUS is managed through a single config.json file located in the /etc/srv-radius/ directory. In this config, you can enable the Microsoft PEAP protocol so that authentication protocols such as MS-CHAPv2 run inside a secure tunnel.

The steps involved are:

  1. Create a new MIRACL Trust RADIUS app in the MIRACL Trust authentication portal to receive the Client ID and Client Secret needed to set up the connection between your instance and the authentication portal, and to generate a URL at which your end users can register

  2. Install your MIRACL Trust SSO RADIUS server

  3. Configure your MIRACL Trust SSO RADIUS server and RADIUS client / VPN server (simple ssh client, OpenVPN, Cisco AnyConnect etc.)

  4. End users can then visit the OTP generation URL in their browser or use the MIRACL Trust mobile app to generate One Time Passwords (associated with the same email they registered with in step 2) which allow them to log in to the RADIUS client / VPN server

The following diagram gives a high-level overview of the components involved:


Supported Protocols

MIRACL Trust SSO RADIUS supports the PAP, CHAP, MSCHAPv1 and PEAPv0/MSCHAPv2 RADIUS protocols.

These can be enabled/disabled in the config.json file in the protocols section:

"protocols": ["pap", "chap", "mschapv1", "peap"]
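When reviewing a deployment, it helps to see which enabled protocols run outside the PEAP tunnel. The following is an added example, not MIRACL's own tooling: a small Python audit of the protocols list. It assumes that a protocol is enabled when it is listed, that names are matched exactly as shown above, and it searches for the "protocols" key at any depth because the rest of the config.json layout is not described here.

```python
import json
import sys

# Protocol names exactly as they appear in the page's "protocols" list.
# True = carried inside the PEAP tunnel, False = sent without a tunnel.
KNOWN = {"pap": False, "chap": False, "mschapv1": False, "peap": True}


def find_protocols(node):
    """Return the first list stored under a "protocols" key, at any depth."""
    if isinstance(node, dict):
        if isinstance(node.get("protocols"), list):
            return node["protocols"]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_protocols(child)
        if found is not None:
            return found
    return None


def audit_protocols(config_text):
    """Classify enabled protocols; raise ValueError if the list is missing."""
    protocols = find_protocols(json.loads(config_text))
    if protocols is None:
        raise ValueError('no "protocols" list found in config')
    report = {"tunnelled": [], "untunnelled": [], "unknown": []}
    for entry in protocols:
        if not isinstance(entry, str) or entry not in KNOWN:
            report["unknown"].append(entry)  # typo, wrong case or wrong type
        elif KNOWN[entry]:
            report["tunnelled"].append(entry)
        else:
            report["untunnelled"].append(entry)
    return report


if __name__ == "__main__":
    # Constructed sample: the list shown above inside an otherwise empty object.
    sample = '{"protocols": ["pap", "chap", "mschapv1", "peap"]}'
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample
    for kind, names in audit_protocols(text).items():
        print(f"{kind}: {names}")
```

Pass the path to config.json (in /etc/srv-radius/) as the first argument to audit a real file; entries reported as unknown should be checked against the four supported names.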