RADIUS


RADIUS Authentication Handler

Including the Handler

In the pom.xml file for your CAS webapp (the default is ${project.home}/cas-server-webapp/pom.xml) add the following dependency:

<dependency>
     <groupId>${project.groupId}</groupId>
     <artifactId>cas-server-support-radius</artifactId>
     <version>${project.version}</version>
</dependency>

Core Classes

RadiusAuthenticationHandler

The RadiusAuthenticationHandler is the class that will take your credentials and authenticate them against a RADIUS server. It is able to handle two types of failovers: failover on an authentication failure, and failover on a server exception. It can be configured with the following properties:

  • failoverOnAuthenticationFailure - boolean to determine whether we should try the next server if there is an authentication failure.
  • failoverOnException - boolean to determine whether we should try the next server if an exception is thrown.
  • servers - takes an array of servers which are the RADIUS servers we would like to connect to. The handler tries them in the order they are configured.
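The following model of the two failover flags is an added example, not code from CAS. The `Server` interface and class name are hypothetical, and it assumes that an exception without failover counts as a failed login.

```java
import java.util.List;

public class RadiusFailoverModel {

    /** Hypothetical stand-in for one configured RADIUS server (not the CAS RadiusServer interface). */
    interface Server {
        boolean authenticate(String user, String password) throws Exception;
    }

    /**
     * Tries the servers in configured order and returns true on the first accept.
     * A reject or an exception moves on to the next server only if the matching flag is set.
     * Assumption: an exception with failoverOnException=false is treated as a failed login.
     */
    static boolean authenticate(List<Server> servers, String user, String password,
                                boolean failoverOnAuthenticationFailure,
                                boolean failoverOnException) {
        for (Server server : servers) {
            try {
                if (server.authenticate(user, password)) {
                    return true;
                }
                if (!failoverOnAuthenticationFailure) {
                    return false;   // the first reject is final
                }
            } catch (Exception e) {
                if (!failoverOnException) {
                    return false;   // do not fall through to the next server
                }
            }
        }
        return false;               // every server rejected or was unreachable
    }

    public static void main(String[] args) {
        // Constructed sample servers: one unreachable, one rejecting, one accepting.
        Server down = (u, p) -> { throw new java.io.IOException("timeout"); };
        Server rejects = (u, p) -> false;
        Server accepts = (u, p) -> true;

        // Outage on the first server: only failoverOnException reaches the second.
        System.out.println(authenticate(List.of(down, accepts), "u", "p", false, true));
        System.out.println(authenticate(List.of(down, accepts), "u", "p", false, false));
        // Reject on the first server: final unless failoverOnAuthenticationFailure is set.
        System.out.println(authenticate(List.of(rejects, accepts), "u", "p", false, true));
        System.out.println(authenticate(List.of(rejects, accepts), "u", "p", true, false));
    }
}
```

With failoverOnAuthenticationFailure enabled, a rejection by the first server is not final, so that flag only makes sense when every configured server is meant to hold the same accounts.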

JRadiusServerImpl

The JRadiusServerImpl is one implementation of the more generic RadiusServer interface. Its underlying implementation relies on the JRADIUS library. Each instance represents one RADIUS server and has various configuration options:

  • accountingPort - the accounting port that this server uses.
  • authenticationPort - the authentication port this server uses.
  • radiusAuthenticator - the RADIUS authenticator to use. Defaults to PAP.
  • retries - the number of times to keep retrying a particular server.
  • sharedSecret - the secret key used to communicate with the server.
  • socketTimeout - the amount of time to wait before timing out.
  • hostName - the hostname of the RADIUS server.

Configuration

Below, you'll find an example configuration for two RADIUS servers and failoverOnException. This authenticationHandler is configured within the "authenticationHandlers" property of the AuthenticationManagerImpl. Usually, it would replace the test authentication handler.

<bean
	class="org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler">
	<!-- Servers are tried in the order listed here. -->
	<property
		name="servers">
		<list>
			<bean
				class="org.jasig.cas.adaptors.radius.JRadiusServerImpl">
				<!-- index 0: hostname of the RADIUS server -->
				<constructor-arg index="0" value="radius1.example.org" />
				<!-- index 1: shared secret (placeholder) -->
				<constructor-arg index="1" value="THIS_IS_MY_SHARED_SECRET" />
				<!-- index 2: RADIUS authenticator -->
				<constructor-arg index="2">
					<bean
						class="net.sf.jradius.client.auth.PAPAuthenticator" />
				</constructor-arg>
				<!-- index 3 to 6: placeholders for the authentication port, accounting port, socket timeout and number of retries -->
				<constructor-arg index="3" value="AUTHENTICATION_PORT333" />
				<constructor-arg index="4" value="ACCOUNTING_PORT333" />
				<constructor-arg index="5" value="SOCKET_TIMEOUT" />
				<constructor-arg index="6" value="NUMBER_OF_RETRIES" />
			</bean>
			<!-- Second server, same argument order as the first. -->
			<bean
				class="org.jasig.cas.adaptors.radius.JRadiusServerImpl">
				<constructor-arg index="0" value="radius2.example.org" />
				<constructor-arg index="1" value="THIS_IS_MY_SHARED_SECRET" />
				<constructor-arg index="2">
					<bean
						class="net.sf.jradius.client.auth.PAPAuthenticator" />
				</constructor-arg>
				<constructor-arg index="3" value="AUTHENTICATION_PORT333" />
				<constructor-arg index="4" value="ACCOUNTING_PORT333" />
				<constructor-arg index="5" value="SOCKET_TIMEOUT" />
				<constructor-arg index="6" value="NUMBER_OF_RETRIES" />
			</bean>
		</list>
	</property>
	<!-- Try the next server when a server throws an exception. -->
	<property
		name="failoverOnException"
		value="true" />
</bean>