trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/providers/radius/index.md
Jens L 67644ace87
website/docs: prepare 2023.4 release notes (#5223) 
* website/docs: prepare 2023.4 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update website/docs/releases/2023/v2023.4.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add new release to sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-13 14:11:46 +02:00

1.8 KiB
Raw Blame History

title
Radius Provider

:::info This feature is still in technical preview, so please report any Bugs you run into on GitHub :::

You can configure a Radius Provider for applications that don't support any other protocols or require Radius.

:::info This provider requires the deployment of the RADIUS Outpost :::

Currently, only authentication requests are supported.

Authentication flow

Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.

The following stages are supported:

  • Identification

  • Password

  • Authenticator validation

    Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.

    For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password example-password and the code 123456, the input must be example-password;123456.

    SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.

  • User Logout

  • User Login

  • Deny

Limitations

The RADIUS provider only supports the clear-text protocol:

This does not mean that passwords are stored in cleartext, they are hashed and salted in authentik. However as all protocols besides Clear-text, EAP-MD5 and EAP-PWD require the password to be stored in the database in clear text, they are not supported.