Integration with RADIUS based Providers

XTAM supports integration with MFA providers that utilize the RADIUS Authentication protocol.

This article will describe how to proceed with the configuration in XTAM, but please note that you will need to know the specific values to use. If you do not know the specific configuration of your RADIUS based provider, please contact your Administrator or the Vendor for further assistance.

Pre-requisite: XTAM must be deployed with and configured to use its Federated Sign-In component in order to integrate with multi-factor authentication providers.

 

  1. Configure XTAM with the Federated Sign-In module and ensure that it is working properly.
  2. Log on to the XTAM host computer.
  3. Stop the PamManagement (Windows) or the pammanager (Linux) service. XTAM will be offline until this procedure is completed.
  4. Open the file <XTAM_HOME>/web/conf/catalina.properties and add the following lines to this file, inputting your MFA-specific values where applicable:

    cas.authn.mfa.globalProviderId=mfa-radius

    cas.authn.mfa.radius.client.sharedSecret=secret
    cas.authn.mfa.radius.client.authenticationPort=1812
    cas.authn.mfa.radius.client.accountingPort=1813
    cas.authn.mfa.radius.client.inetAddress=localhost
    # Protocol options include PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5, EAP-MSCHAPv2
    cas.authn.mfa.radius.server.protocol=CHAP
    # Add the next line only if you are using a Push based RADIUS provider.
    # For example, if a user first authenticates with their username and password
    # and then receives a token to their device, then add this line.
    # Otherwise, do not include this line in your configuration.
    cas.authn.mfa.radius.name=XTAM-Trigger

    Please talk with your RADIUS or Network Administrator to learn what values should be set for the XTAM configuration.

    If you wish to enable different MFA providers for individual users or groups, please read this article for additional information.

  5. When complete, save and close this file.

  6. Start the PamManagement (Windows) or the pammanager (Linux) service and try your RADIUS two-factor authentication login.
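
A check to run on the lines added in step 4 before restarting the service, as an added example that is not part of XTAM or the original article. It reads the text the way Java properties files are read (only a leading # or ! starts a comment, so a note typed after a value becomes part of that value) and reports missing keys, out-of-range ports, a protocol outside the listed options, and the unchanged placeholder shared secret. The function names and sample text are constructed for illustration.

```python
REQUIRED = (
    "cas.authn.mfa.globalProviderId",
    "cas.authn.mfa.radius.client.sharedSecret",
    "cas.authn.mfa.radius.client.authenticationPort",
    "cas.authn.mfa.radius.client.accountingPort",
    "cas.authn.mfa.radius.client.inetAddress",
    "cas.authn.mfa.radius.server.protocol",
)
PROTOCOLS = {"PAP", "CHAP", "MSCHAPv1", "MSCHAPv2", "EAP-MD5", "EAP-MSCHAPv2"}

def parse_properties(text):
    """Minimal key=value parser; like Java, only a leading # or ! starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_radius_mfa(text):
    """Return findings for the RADIUS MFA keys; an empty list means no issue found."""
    props, findings = parse_properties(text), []
    findings += [f"missing: {k}" for k in REQUIRED if k not in props]
    for key in REQUIRED[2:4]:  # the two port keys
        value = props.get(key)
        if value is not None and not (value.isdigit() and 0 < int(value) < 65536):
            findings.append(f"bad port: {key}={value}")
    proto = props.get("cas.authn.mfa.radius.server.protocol")
    if proto is not None and proto not in PROTOCOLS:
        findings.append(f"unknown protocol: {proto}")
    if props.get("cas.authn.mfa.radius.client.sharedSecret") == "secret":
        findings.append("sharedSecret is still the placeholder value")
    if "#" in props.get("cas.authn.mfa.radius.name", ""):
        findings.append("radius.name has an inline comment in its value")
    return findings

# Constructed samples, not taken from a real deployment.
GOOD = """# protocol options: PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5, EAP-MSCHAPv2
cas.authn.mfa.globalProviderId=mfa-radius
cas.authn.mfa.radius.client.sharedSecret=constructed-example-value
cas.authn.mfa.radius.client.authenticationPort=1812
cas.authn.mfa.radius.client.accountingPort=1813
cas.authn.mfa.radius.client.inetAddress=localhost
cas.authn.mfa.radius.server.protocol=CHAP
"""
BAD = GOOD.replace("=CHAP", "=CHAP  (options include PAP)").replace(
    "constructed-example-value", "secret") + "cas.authn.mfa.radius.name=XTAM-Trigger # push\n"
print(check_radius_mfa(BAD))
```

To check a real file, pass the contents of <XTAM_HOME>/web/conf/catalina.properties to check_radius_mfa.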