6d5172d18a
* first pass
* dependency shenanigans
* move blueprints
* few broken links
* change config the throw errors
* internal file edits
* fighting links
* remove sidebarDev
* fix subdomain
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix relative URL
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix mismatched package versions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api reference build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test tweak
* links hell
* more links hell
* links hell2
* yep last of the links
* last broken link fixed
* re-add cves
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add devdocs redirects
* add dir
* tweak netlify.toml
* move latest 2 CVES into dir
* fix links to moved cves
* typoed title fix
* fix link
* remove banner
* remove committed api docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* integrations: remove version dropdown
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Update Makefile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* change doc links in web as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix some more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* ci: require ci-web.build for merging
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "ci: require ci-web.build for merging"
This reverts commit b99a4842a9.
* remove sluf for Application
* put slug back in
* minor fix to trigger deploy
* Spelled out Documentation in menu bar
* remove image redirects...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove explicit index.md
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove mdx first
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* then remove .md
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
71 lines
3.8 KiB
Plaintext
71 lines
3.8 KiB
Plaintext
---
|
|
title: RADIUS Provider
|
|
---
|
|
|
|
import { Check, X, AlertTriangle } from "react-feather";
|
|
|
|
You can configure a Radius provider for applications that don't support any other protocols or that require Radius.
|
|
|
|
:::info
|
|
This provider requires the deployment of the [RADIUS outpost](../../outposts/index.mdx)
|
|
:::
|
|
|
|
Currently, only authentication requests are supported.
|
|
|
|
### Authentication flow
|
|
|
|
Authentication requests against the Radius Server use a flow in the background. This allows you to use the same flows, stages, and policies as you do for web-based logins.
|
|
|
|
The following stages are supported:
|
|
|
|
- [Identification](../../flows-stages/stages/identification/index.md)
|
|
- [Password](../../flows-stages/stages/password/index.md)
|
|
- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md)
|
|
|
|
Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators.
|
|
|
|
For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the MFA token `123456`, the input must be `example-password;123456`.
|
|
|
|
SMS-based authenticators are not supported because they require a code to be sent from authentik, which is not possible during the bind.
|
|
|
|
- [User Logout](../../flows-stages/stages/user_logout.md)
|
|
- [User Login](../../flows-stages/stages/user_login/index.md)
|
|
- [Deny](../../flows-stages/stages/deny.md)
|
|
|
|
### RADIUS attributes
|
|
|
|
Starting with authentik 2024.8, you can create RADIUS provider property mappings, which make it possible to add custom attributes to the RADIUS response packets.
|
|
|
|
For example, to add the Cisco AV-Pair attribute, this snippet can be used:
|
|
|
|
```python
|
|
define_attribute(
|
|
vendor_code=9,
|
|
vendor_name="Cisco",
|
|
attribute_name="AV-Pair",
|
|
attribute_code=1,
|
|
attribute_type="string",
|
|
)
|
|
packet["Cisco-AV-Pair"] = "shell:priv-lvl=15"
|
|
return packet
|
|
```
|
|
|
|
After creation, make sure to select the RADIUS property mapping in the RADIUS provider.
|
|
|
|
### Limitations
|
|
|
|
The RADIUS provider only supports the [PAP](https://en.wikipedia.org/wiki/Password_Authentication_Protocol) (Password Authentication Protocol) protocol:
|
|
|
|
| | Clear-text | NT hash | MD5 hash | Salted MD5 hash | SHA1 hash | Salted SHA1 hash | Unix Crypt |
|
|
| ------------ | --------------- | --------------- | --------------- | --------------- | --------------- | ---------------- | --------------- |
|
|
| PAP | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> |
|
|
| CHAP | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| Digest | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| MS-CHAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| PEAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| EAP-MSCHAPv2 | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| Cisco LEAP | <Check></Check> | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| EAP-GTC | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> | <Check></Check> |
|
|
| EAP-MD5 | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> | <X></X> |
|
|
| EAP-PWD | <Check></Check> | <X></X> | <X></X> | <X></X> | <X></X> | <Check></Check> | <Check></Check> |
|