habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17fe5955283544b1fe782c89b27f6776e328bbe5
authentik/website/docs/providers/radius/index.md
Jens L 1893626e04 website/docs: clear up radius provider (#5263) 
* website/docs: clear up radius provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/providers/radius/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-18 10:42:42 +02:00

42 lines
1.6 KiB
Markdown
Raw Blame History

---
title: Radius Provider
---
:::info
This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues)
:::
You can configure a Radius Provider for applications that don't support any other protocols or require Radius.
:::info
This provider requires the deployment of the [RADIUS Outpost](../../outposts/)
:::
Currently, only authentication requests are supported.
### Authentication flow
Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.
The following stages are supported:
- [Identification](../../flow/stages/identification/index.md)
- [Password](../../flow/stages/password/index.md)
- [Authenticator validation](../../flow/stages/authenticator_validate/index.md)
Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the code `123456`, the input must be `example-password;123456`.
SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
- [User Logout](../../flow/stages/user_logout.md)
- [User Login](../../flow/stages/user_login/index.md)
- [Deny](../../flow/stages/deny.md)
### Limitations
The RADIUS provider only supports the [PAP](https://en.wikipedia.org/wiki/Password_Authentication_Protocol) (Password Authentication Protocol) protocol:
![](./protocols.png)
Reference in New Issue View Git Blame Copy Permalink