Chapter 12       RADIUS Authentication Attributes


The RADIUS Authentication attributes are organization attributes. The values applied to them under Service Management become the default values for the RADIUS Authentication template. A template is created for each organization when the organization registers for a service. The default values can be changed after registration by the organization's administrator. Organization attributes are not inherited by entries in the organization. The RADIUS Authentication attributes are:

• RADIUS Server 1

• RADIUS Server 2

• RADIUS Shared Secret

• RADIUS Server's Port

• Authentication Level

• Timeout (Seconds)

RADIUS Server 1

---

This field displays the IP address or host name of the primary RADIUS server. The default IP address is 127.0.0.1. The field will recognize any valid IP address or host name. Multiple entries must be prefixed by the local server name.

RADIUS Server 2

---

This field displays the IP address or host name of the secondary RADIUS server. It is a failover server which will be contacted if the primary server could not be contacted. The default IP address is 127.0.0.1. Multiple entries must be prefixed by the local server name.

RADIUS Shared Secret

---

This field carries the shared secret for RADIUS authentication. The shared secret should have the same qualifications as a well-chosen password. There is no default value for this field.

RADIUS Server's Port

---

This field specifies the port on which the RADIUS server is listening. The default value is 1645.

Authentication Level

---

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. (The value in this attribute is not specifically used by DSAME but by any external application that may chose to use it.) If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0, the lowest authentication level.

---

Note	If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.

---

Timeout (Seconds)

---

This field specifies the time interval in seconds to wait for the RADIUS server to respond before a timeout. The default value is 3 seconds. It will recognize any number specifying the timeout in seconds.