habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/radius: simple radius outpost (#1796)

Browse Source 
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2023-03-20 16:54:35 +01:00
committed by GitHub
parent 84c2da8a6e
commit 3f5effb1bc
54 changed files with 5433 additions and 677 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
website/docs/providers/radius.md Normal file
View File

@ -0,0 +1,33 @@
---
title: Radius Provider
---
:::info
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
:::
You can configure a Radius Provider for applications that don't support any other protocols or require Radius.
:::info
Note: This provider requires the deployment of the [Radius Outpost](../outposts/)
:::
Currently, only authentication requests are supported.
Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.
The following stages are supported:
- [Identification](../flow/stages/identification/index.md)
- [Password](../flow/stages/password/index.md)
- [Authenticator validation](../flow/stages/authenticator_validate/index.md)
Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the code `123456`, the input must be `example-password;123456`.
SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
- [User Logout](../flow/stages/user_logout.md)
- [User Login](../flow/stages/user_login/index.md)
- [Deny](../flow/stages/deny.md)