gluu-radius user authentication

By: Jonathan Van den broeck user 02 Feb 2023 at 6:42 a.m. CST

3 Responses
Jonathan Van den broeck gravatar
Expecting ACCESS_ACCEPT after ACCESS_REQUEST using PAP authentication. Intead ACCESS_REJECT is returned. Configuration: * new installation of GLUU server. * I followed the standard installation guide for the RADIUS server. * https://gluu.org/docs/gluu-server/4.4/admin-guide/radius-server/gluu-radius/ * I modified the gluu-radius.properties to allow for onestep authentication. * restarted the service. * Created a new account using the ADMIN UI. * The new account can successfully login on the default webpage. * Added a RADIUS client configuration. RADIUS logs: OpenID invalid client. Reject message is returned. https://pastebin.com/3n8ChvMC If we look at the oxAuth logs we get more information: On line 16: ExternalResourceOwnerPasswordCredentialsContext the user is null? Then we get the user is empty exception. https://pastebin.com/5KeWWywh RADIUS configuration: https://pastebin.com/8XBVCi3Z My user in the ADMIN UI used in the RADIUS request. https://ibb.co/ck8J7ZQ
Gluu 4.4 Ubuntu 20.04
closed

Answers

By Dzouato Djeumen Rolain Bonaventure staff 03 Feb 2023 at 4:21 a.m. CST

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Sir, In order to make a conclusive statement, we will also need the log output from the script too. It should be named oxauth_script.txt I think in the oxauth log directory. Could you please provide us with that too ?

By Jonathan Van den broeck user 06 Feb 2023 at 2:34 a.m. CST

Copy
Jonathan Van den broeck gravatar
Thank you for the response. Question, is it even recomended or supported to use the build in RADIUS server in production? I have been looking at some other tickets: https://support.gluu.org/authentication/11054/gluu-radius-only-processes-first-authentication-request/ In this ticket the RADIUS server stop processing requests after a while. I also have this additional problem. The service needs a manual restart. I did solve the initial problem described in the ticket itself. However if i reconfigure the authentication to use SuperGLUU instead, i recieve the notification but it immediately sends the reject response from the RADIUS server.

By Dzouato Djeumen Rolain Bonaventure staff 27 Mar 2023 at 12:28 a.m. CDT

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
We will recommend you use our Radiator plugin for production usage. The radius server isn't production ready, and is usually for small loads.

Post an answer