Ceptor has support for a RADIUS Server and client that currently supports PAP authentication and accounting requests. CHAP and two-factor authentication is being tested at the moment, having user administration through the Ceptor user database.

Features

• Behavior can be controlled fully via scripts - can be used for deciding which MFA authentication factors to offer which users based upon any attributes in the incoming AccessRequest
• Full Challenge support for prompting users in multiple steps.
• No stickiness required - all instances can take part in a regular clustered Ceptor installation.
• Full access to request/response package content, allowing scripts to manipulate full packet content, including all possible attributes.
• Supports Multifactor (MFA) Authentication Methods, allowing user to choose between multiple methods, or allowing specific users / groups access to a subset based upon any attribute/user role etc.
• Combined with Ceptor Authentication Plugins, supports advanced types of authentication, such as Azure MFA.
• Built-in radius client supporting e.g. PAP, CHAP, MSCHAPv2 protocols for proxying requests to remote radius servers.
• Shared secret configurable per client

Launcher Configuration

In order to get the RADIUS Server started the radius service should be configured in the ceptor_launch.xml. The radius server does not require its own JVM to run, so if the existing capacity can handle it, it could as an example be a service defined in the session controller classloader/JVM – for example like this:

...