==== Radius authentication server ====
A [[https://en.wikipedia.org/wiki/RADIUS|Radius]] authentication server uses a very simple protocol with its clients; four types of messages are used for the authentication and authorisation process:
* **Access-Request**
* **Access-Accept**
* **Access-Reject**
* **Access-Challenge**
![RADIUS Authentication and Authorization Flow (Wikipedia)](uploads/4301f536421b7338a24c1c445454c5c3/radius-aa.png)
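
The four message types above, as an added example that is not code from this page or from TinyRadius: it builds a PAP Access-Request and shows the check a client must make on the Response Authenticator before trusting an Access-Accept, Access-Reject or Access-Challenge, following RFC 2865. The function names, the shared secret and the fixed Request Authenticator are assumptions constructed for the example.

```python
import hashlib, hmac, struct

# Codes of the four message types listed above (RFC 2865)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
SECRET = b"testing123"       # constructed sample shared secret
REQ_AUTH = bytes(range(16))  # constructed; a real client must use 16 random bytes

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865, 5.2): XOR 16-byte blocks with chained MD5."""
    n = max(1, -(-len(password) // 16)) * 16   # pad to a multiple of 16, minimum 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, n, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value

def build_access_request(ident, user, password, secret, req_auth):
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, attrs, req_auth, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def check_reply(packet, ident, req_auth, secret):
    """Client side: return the message type, or raise if the reply cannot be trusted."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or rid != ident or code not in (2, 3, 11):
        raise ValueError("malformed or unexpected reply")
    packet = packet[:length]  # ignore any padding after the declared length
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    return CODES[code]
```

A reply whose code byte is altered in transit, or that was produced with a different shared secret, fails `check_reply` instead of being read as an Access-Accept.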
The first tests were done with the **radtest** FreeRADIUS client over IP and IPv6.
As the IdP is written in Java, we had to test a Java client; **[[http://tinyradius.sourceforge.net/|TinyRadius, a Java Radius library]]** provides what is needed for a client to authenticate a user on a RADIUS server. A crude run of the provided **TestClient** Java program and some tcpdump network traces can be found in the [radius-otp.pdf document](uploads/3eb417258a304e9ffb4ca61961aef9bc/radius-otp.pdf). The TinyRadius library doesn't work over IPv6 :-(