RADIUS Authentication

If you want to use RADIUS authentication for this application’s clients, you must create a RADIUS user matching the login in the application (and assign that user the correct groups and functional permissions in the application).

The property file that needs to change is on the application server(s) in

oware\jboss-<version number>\server\oware\conf\login-config.xml.

By default, RADIUS authentication is commented out in this file. To use RADIUS, uncomment this section (changing <!-- to < and --> to >). Then, configure the options (example server, secret, prompts, NAS-IP-Address).

Here is an example of the application’s freeradius implementation on helix.

<authentication>

<!--login-module code = "com.theorem.radius3.login.RADIUSLogin"

flag = "sufficient">

<module-option name = "authtype">CHAP</module-option>

<module-option name = "debug">true</module-option>

<module-option name = "server">127.0.0.1</module-option>

<module-option name = "port">1812</module-option>

<module-option name = "timeout">1</module-option>

<module-option name = "secret">secret</module-option>

<module-option name = "namePrompt">Name:</module-option>

<module-option name = "passwordPrompt">Password:</module-option>

<module-option name = "NAS-IP-Address">@127.0.0.1</module-option>

<module-option name = "NAS-Port">#1</module-option>

<module-option name = "Framed-Protocol">#PPP</module-option>

<module-option name = "Service-Type">#Login</module-option>

</login-module-->

<login-module code = "com.dorado.extensions.OWLoginModule"

flag = "sufficient">

</login-module>

</authentication>

[spacer]

This application logically ANDs the RADIUS authentication policies with its internal security policies.

To disable authentication against Redcell, the second login module needs to be removed or commented out in XML. (Comments in XML are bracketed with
<!-- and -->.)

<!--

<login-module code = "com.dorado.extensions.OWLoginModule"

flag = "sufficient">

</login-module>

-->