Sun Java System Access Manager 6 2005Q1 Deployment Planning Guide
Appendix F
Authenticate Against RADIUS Servers
Sun Java System Access Manager is able to authenticate users against a Remote Authentication Dial-In User Service (RADIUS) server. This appendix contains instructions to set up this deployment. It contains the following sections:
- Overview
- RADIUS Server Configuration
- Access Manager Configuration
Overview
RADIUS is an industry standard protocol used to provide authentication and authorization services. In this type of authentication, Access Manager acts as the RADIUS client: it sends RADIUS-formatted messages to a RADIUS server, which authenticates and authorizes the request and sends back a RADIUS-formatted response.
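The exchange described above, sketched as an added example (not code from this guide or from Access Manager): it builds an Access-Request as a RADIUS client would, hiding the password with the shared secret per RFC 2865, and checks the Response Authenticator on a reply so that a reply produced with a different secret is rejected. The function names, the shared secret value and the NAS-Identifier value are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, ident, authenticator=None,
                         nas_id="access-manager"):  # nas_id is a constructed value
    authenticator = authenticator or os.urandom(16)  # must be unpredictable
    attrs = (attribute(USER_NAME, user.encode())
             + attribute(USER_PASSWORD,
                         hide_password(password.encode(), secret, authenticator))
             + attribute(NAS_IDENTIFIER, nas_id.encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def verify_response(response: bytes, request: bytes, secret: bytes) -> int:
    """Return the reply code, or raise ValueError if the reply is not authentic."""
    if len(response) < 20:
        raise ValueError("short response")
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    # Response Authenticator = MD5(code+id+length + RequestAuth + attrs + secret)
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("bad Response Authenticator (secret mismatch or forged reply)")
    return code

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # stands in for the secret in raddb/clients
    req = build_access_request("Sample_User1", "Password", secret, ident=1)
    print(len(req), req.hex())
```

The password never appears in clear text in the packet, but its protection and the authenticity of the reply both rest entirely on the shared secret configured on the two sides.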
RADIUS Server Configuration
The following procedures will allow an administrator to test Access Manager authentication against a RADIUS server.
1. Add a user entry to the RADIUS server which will be used to test authentication.
The following user information should be added to RADIUS_install/etc/raddb/users, where Login-Host is the host and domain of the machine where Access Manager is running.
Code Example F-1 RADIUS User Entry
"Sample_User1" Password == "Password"
    User-Service-Type = Login-User,
    Login-Host = access_manager_host.domain_name,
    Login-Service = PortMaster
2. Add the Access Manager Fully Qualified Domain Name (FQDN) or IP address to the RADIUS server.
This client information is added to RADIUS_install/etc/raddb/clients. Ensure that the defined shared ‘secret’ is also added.
3. Change to the RADIUS_install/sbin directory and restart the RADIUS server using the command:
./radiusd &
Access Manager Configuration
1. Log in to Access Manager as amAdmin.
2. Go to the top-level organization.
3. Select Services from the View drop-down list in the Navigation frame.
4. If RADIUS is not a registered authentication service, then click Register....
If RADIUS is already registered, go to Step 6.
5. Select “RADIUS” from the Data frame and click Register.
6. Click on the RADIUS properties arrow in the Navigation frame.
If the template is not created, create it.
7. Add the FQDN or IP address of the RADIUS Server in the RADIUS Server 1 field.
8. Enter the shared secret used in Step 2 of RADIUS Server Configuration.
9. Enter the RADIUS server’s port number and save the template’s changes.
The default is 1645.
10. Click on the Core properties arrow in the Navigation frame.
11. Select RADIUS in the Organization Authentication Modules list and save the change.
Caution
In Step 11, be sure not to deselect LDAP when selecting RADIUS.
12. Log out of the Access Manager console.
13. Log in as Sample_User1 with the URL http://access_manager_host.domain_name:port/service_deploy_uri/UI/Login?module=RADIUS.