Radius Adapter

Radius Adapter

Functionality

The Radius adapter allows TrustBuilder to authenticate users against a Radius Server. This can be:

  • username / pincode
  • username / pincode + One Time Password
  • setting a new pincode for a given username

Prerequisites

In order for the push adapter to function one should have an application running on either android or ios capable of receiving push notifications. This usually requires having either a developer account with ios and configured push notifications here. Google requires a API key, you can find out here how to get one.

Configuration

AdapterUniqueID

Unique name assigned to this adapter; the name is used to reference the adapter in the workflow. The ID has following requirements:

  • START with a letter or _ (underscore)
  • FOLLOWED by a combination of following characters: Letter, Number, '.' (dot), '-' (dash), '_' (underscore)
  • Port TCP Port of the backend RADIUS Server
  • Priority The priority of this server
  • Secret The Shared secret between the TrustBuilder server and the radius server. This secret is encrypted automatic.
  • Address URL or IP of the backend RADIUS Server x
  • IncludeAttributes Whether the response should include the attribute values or not (default = false)

Workflow Settings

A request for the adapter is prepared by specifying the following properties/scripts in the adapter activity:

  • Input Property: the variable containing the instructions the adapter have to execute
  • Output Property: the variable the adapter will store the response in after execution
  • Before Adapter Script: script that will be executed before calling the adapter
  • After Adapter Script: script that will be executed after the adapter fulfilled its task

Request - API

radiusRequest

Creates a Radius request.

radiusRequest(username,password,state) 

with parameters:

  • username: Non-null, non-empty string.
  • password: Non-null, non-empty string.
  • state: String. May be null; sent to the server with the request

Response - API

Common Properties

The response API can be applied to the variable specified in the "output property" (see "Workflow Settings"): to verify whether the action performed by the adapter was successful, to query for the data returned by the adapter.

All responses have four properties in common:

  • status Status flag indicating whether the response is ok (0) or not (1).
  • substatus Response specific number indicating what the problem was, eg. http status code
  • message Response specific message in case there was a problem (can be null)
  • rc Return Code, a human readable code based on the substatus

Adapter Specific Properties

getAttributes() Returns array of objects containing

  • name
  • type
  • value

getAttributeValue(name) Returns value for a named attribute

Response Codes

If all is ok, the status is zero, for non-zero statusses you can find the description below.

1 Radius error
2 Access challenge error The user must supply extra information to the Radius server (e.g. Enter a new pin code) 3 Access reject error
4 Unknown attribute error
5 Unknown response error

Additional Notes

The adapter supports load balancing, read the Loadbalancing chapter for more information.

Example

Based on the value of the state variable, it is sent with the request or not. RADIUS Request Example

function radiusAutenthicateRequest(workItem){
 var radiusinput;
 if (workItem.state != ""){
  radiusInput = tb.radiusRequest(workItem.username,workItem.passcode,workItem.state);
 } else {
  radiusInput = tb.radiusRequest(workItem.username, workItem.passcode,null);
 }
 workItem.radiusInput = radiusInput;
}

Response

The response returned by the radius may vary.

  • response ok
  • challenge response
function radiusAdapterHandler(workItem) {
 switch (workItem.radiusOutput.status) {
  case 0:
   switch (workItem.radiusOutput.substatus) {
    case 0:
     log("the request completed successfully and the user was authenticated");
     break;
    case 2:
     log("A challenge was sent by the Radius server");
     log("radiusMessage: " + workItem.radiusOutput.getAttribute('Status'));
     log("radiusMessage: " + workItem.radiusOutput.getAttributes()[0].value);
     log("radiusState: " + workItem.radiusOutput.getAttributes()[1].value);
     break;
   }
   break;
  default:
   log("Radius was not able to authenticate the user, or has encountered an error");
   break;
 }
}
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.