Creating RADIUS authentication profiles
You can configure a SafeLinx Server to connect to a third-party RADIUS server to authenticate users. To enable RADIUS authentication, you create a RADIUS authentication profile.
Procedure
- From the SafeLinx Administrator, click the Resources tab, right-click the OU in which you want to create the authentication profile, and then click .
  The Add a New Authentication profile wizard opens to guide you through creating a RADIUS authentication profile.
- For mobile network connections (MNCs) that are used by SafeLinx Clients, select Challenge user for user ID and password if you want users to receive separate authentication challenges from SafeLinx and from the RADIUS server. If this field is not selected, the credentials that the SafeLinx Client submits to log in to the SafeLinx Server are passed to the RADIUS server.
  Note: You must select this field if the RADIUS user ID and password are different from the SafeLinx Client credentials.
- In the field Challenge string (displayed on client), type the text that you want SafeLinx Client users to see on the title bar of the window that prompts them to log in.
- In the field IP addresses of RADIUS servers, specify a comma-delimited list of the IP addresses of the RADIUS servers to be used by this profile. All of the RADIUS servers in the list must be configured to use the same port number and RADIUS shared secret.
- To enable lightweight third-party authentication (LTPA), select Enable LTPA, and then complete the following fields:
  - LTPA token type: Specifies whether the authentication profile uses LTPA version 1 (LtpaToken) or LTPA version 2 (LtpaToken2) tokens.
  - LTPA token realm/domain: Specifies the DNS realm or domain to encode in the token.
  - LTPA token user identification field: Specifies the user attribute to encode in the token. All servers in the SSO domain must use a common attribute.
  - LTPA token lifetime: Specifies the number of minutes that an LTPA token remains valid. After the token expires, a user must reauthenticate.
- If you want to use single sign-on (SSO) with this profile, select Enable SSO and then in the field SSO Cookie domain, type the DNS domain in which to apply SSO.
- Select Enable SSO over SSL connections only to require that servers that participate in SSO share a secure connection.
- After you complete the wizard, click Finish to save the profile.
- Edit the properties of the SafeLinx Server. Review the port number of the SafeLinx Server that listens for connections from SafeLinx Clients. The default port is 9610.
- To assign the authentication profile to a resource, edit the properties of the HTTP access service or connection profile.
  - To assign the profile to an HTTP access service, click the Mode tab and in the Authentication Profile field, select the RADIUS profile that you created.
  - To assign the profile to a connection profile, click the Security tab and in the Authentication Profile field, select the RADIUS profile that you created.
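
The step for IP addresses of RADIUS servers requires every server in the list to use the same shared secret. The following Python example is added here and is not part of the SafeLinx product or its documentation. It shows the reason at protocol level: a RADIUS reply carries a Response Authenticator computed from the shared secret (RFC 2865), so a reply from a server configured with a different secret fails verification. The function names are hypothetical, and the addresses, secrets and reply packets are constructed sample data.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code, RFC 2865


def parse_server_list(field):
    """Split the comma-delimited field; raises ValueError on a non-IP entry."""
    return [str(ipaddress.ip_address(p.strip())) for p in field.split(",") if p.strip()]


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def reply_matches_secret(reply, request_auth, secret):
    """True if the reply was signed by a server that holds the same shared secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = response_authenticator(code, ident, reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])


def servers_with_wrong_secret(field, replies, request_auth, secret):
    """Return the listed servers whose reply is missing or fails verification."""
    return [ip for ip in parse_server_list(field)
            if not reply_matches_secret(replies.get(ip, b""), request_auth, secret)]


def _constructed_reply(ident, request_auth, secret):
    """Constructed sample: an attribute-less Access-Accept signed with `secret`."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, b"", request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20) + auth


# Constructed sample data: documentation-range addresses and made-up secrets.
REQUEST_AUTH = bytes(range(16))
PROFILE_SECRET = b"profile-secret"
REPLIES = {
    "192.0.2.10": _constructed_reply(7, REQUEST_AUTH, PROFILE_SECRET),
    "192.0.2.11": _constructed_reply(7, REQUEST_AUTH, b"other-secret"),
}

if __name__ == "__main__":
    print(servers_with_wrong_secret("192.0.2.10, 192.0.2.11", REPLIES, REQUEST_AUTH, PROFILE_SECRET))
```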