habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "website: latest migration to new structure" (#11634)

Browse Source 
Revert "website: latest migration to new structure (#11522)"

This reverts commit 9a89a5f94b.
This commit is contained in:
Tana M Berry
2024-10-08 17:30:50 -05:00
committed by GitHub
parent 9a89a5f94b
commit 6b2fced1b9
336 changed files with 883 additions and 2636 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
website/docs/add-secure-apps/providers/radius/index.mdx
View File

@ -1,70 +0,0 @@
---
title: RADIUS Provider
---
import { Check, X, AlertTriangle } from "react-feather";
You can configure a Radius provider for applications that don't support any other protocols or that require Radius.
:::info
This provider requires the deployment of the [RADIUS outpost](../../outposts/index.mdx)
:::
Currently, only authentication requests are supported.
### Authentication flow
Authentication requests against the Radius Server use a flow in the background. This allows you to use the same flows, stages, and policies as you do for web-based logins.
The following stages are supported:
- [Identification](../../flows-stages/stages/identification/index.md)
- [Password](../../flows-stages/stages/password/index.md)
- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md)
Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators.
For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the MFA token `123456`, the input must be `example-password;123456`.
SMS-based authenticators are not supported because they require a code to be sent from authentik, which is not possible during the bind.
- [User Logout](../../flows-stages/stages/user_logout.md)
- [User Login](../../flows-stages/stages/user_login/index.md)
- [Deny](../../flows-stages/stages/deny.md)
### RADIUS attributes
Starting with authentik 2024.8, you can create RADIUS provider property mappings, which make it possible to add custom attributes to the RADIUS response packets.
For example, to add the Cisco AV-Pair attribute, this snippet can be used:
```python
define_attribute(
vendor_code=9,
vendor_name="Cisco",
attribute_name="AV-Pair",
attribute_code=1,
attribute_type="string",
)
packet["Cisco-AV-Pair"] = "shell:priv-lvl=15"
return packet
```
After creation, make sure to select the RADIUS property mapping in the RADIUS provider.
### Limitations
The RADIUS provider only supports the [PAP](https://en.wikipedia.org/wiki/Password_Authentication_Protocol) (Password Authentication Protocol) protocol:
| | Clear-text | NT hash | MD5 hash | Salted MD5 hash | SHA1 hash | Salted SHA1 hash | Unix Crypt |
| ------------ | --------------- | --------------- | --------------- | --------------- | --------------- | ---------------- | --------------- |
| PAP | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> |
| CHAP | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| Digest | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| MS-CHAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| PEAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| EAP-MSCHAPv2 | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| Cisco LEAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| EAP-GTC | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> |
| EAP-MD5 | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
| EAP-PWD | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <Check></Check> | <Check></Check> |