BACK-END – RADIUS (tab)
Record changes (add, change, delete) will not take effect immediately on all OneSpan Authentication Server instances unless replication is used to synchronize the instances. If replication is not used, changes to records will take effect when each instance is restarted, once the change is available to it in its data store. Alternatively, if there is no restart, the record cache will refresh from the data store approximately every 15 minutes.
| Field name | Description |
|---|---|
| Authentication IP Address |
The IP address on which the RADIUS server receives and handles authentication requests. |
| Authentication Port |
The UDP port on which the RADIUS server receives and handles authentication requests. Possible values: 0–65535 |
| Accounting IP Address | The IP address on which the RADIUS server receives and handles accounting requests. |
| Accounting Port |
The UDP port on which the RADIUS server receives and handles accounting requests. Possible values: 0–65535 |
| Shared Secret | The secret shared between OneSpan Authentication Server and the RADIUS server. |
| Confirm Shared Secret | Confirmation of the shared secret when editing and creating the back-end server record. |
| Timeout (seconds) |
The number of seconds to wait for a response from the server before either retrying or trying another server. Possible values: 1–999 |
| Retries |
Number of times to retry if no response is received from the RADIUS server. Possible values: 0–9 |
| RADIUS Request Format | |
| Character Encoding | Encoding/locale format required by the RADIUS server. |
| Include Realm |
Specify whether to include the realm in the userName RADIUS attribute of an authentication request. Possible values:
Default value: No |
| Custom Realm |
The realm to be included in the userName RADIUS attribute of an authentication request. The realm is a string of up to 255 characters. If you have selected to include the realm (Yes - Prefix or Yes - Postfix) and the Custom Realm field is left empty, the user's domain will be included in the authentication request. |
RADIUS character encoding
When OneSpan Authentication Server forwards a RADIUS packet to a RADIUS server, it encodes the password field of that packet to UTF-8 format by default. If your RADIUS server expects or requires a different encoding format, then all authentication requests sent by OneSpan Authentication Server will be rejected. The encoding setting should reflect the encoding that is expected by the back-end server.
If your RADIUS server requires the password field to be in any specific encoding/locale format other than UTF-8, then you will need to configure OneSpan Authentication Server to convert all RADIUS packets accordingly. In most environments, all hosts have the same encoding format. In this case, you need to set the encoding type to @LOCALE@. Otherwise, set the encoding type to the required format, e.g. CP850.