SecureAuth RADIUS Diagnostic Tool
This guide provides instructions on how to run and diagnose your SecureAuth RADIUS server using the SecureAuth RADIUS Diagnostic Tool.
The SecureAuth RADIUS Diagnostic Tool has two basic purposes:
- Test SecureAuth IdP endpoint
Test the endpoints used by SecureAuth RADIUS. Use this tool to identify if the issue is with the SecureAuth RADIUS Server or the SecureAuth IdP realm that SecureAuth RADIUS is trying to access.
- Simulate the connection from a VPN client
Determine whether the issue is with VPN configuration in use, or in the connection between the VPN client and the SecureAuth RADIUS Server.
Download the SecureAuth RADIUS Diagnostic Tool
From the SecureAuth Product Downloads page, download and unzip the SecureAuth RADIUS Diagnostic Tool.
Note
You must have Java 11 installed on the same machine as the SecureAuth RADIUS Diagnostic Tool.
Run the SecureAuth RADIUS Diagnostic Tool
On the machine where you have the SecureAuth RADIUS Diagnostic tool, use the following methods to run the tool.
Run.bat – Double-click this file to open a terminal at the corresponding URL on the machine for SecureAuth RADIUS. When you close this terminal, the application stops.
Browser.bat – If you close a browser tab and can't remember the URL, you can double-click this file to open your default web browser at the corresponding URL for SecureAuth RADIUS.
The SecureAuth RADIUS Diagnostic Tool opens.
The tool has two tabs; see the following links for the type of request you want to run.
IDP – Allows you to send a request to a SecureAuth IdP realm.
Use the IDP tab to Send a SecureAuth IdP request.
RADIUS – Allows you to simulate a common VPN request to a SecureAuth RADIUS Server.
Use the RADIUS tab to Send a SecureAuth RADIUS request and Add attributes in a SecureAuth RADIUS request.
Send a SecureAuth IdP request
This section explains how to send a request to a specified SecureAuth IdP realm.
On the machine where you have SecureAuth RADIUS Diagnostic Tool installed, double-click Run.bat.
The SecureAuth RADIUS Diagnostic Tool opens.
Select the IDP tab.
In the IdP Info section, enter information for the following fields.
This relates to the configurations set in Add IdP realms.
IdP Host – SecureAuth IdP hostname. For example, hostname.company.com
IdP Realm – SecureAuth IdP realm name and number. For example, secureauth84
APP ID – SecureAuth API Application ID.
APP Key – SecureAuth API Application Key.
In the Operation section, select the type of request you want to send.
Type of request – Description and value to enter
Validate User – Validate a user in the specified SecureAuth IdP realm. Enter the username to validate.
Validate Password – Validate the password for a user in the specified SecureAuth IdP realm. Enter the username and password to validate.
Validate PIN – Validate the PIN for a user in the specified SecureAuth IdP realm. Enter the username and PIN to validate.
Validate OATH-OTP – Validate the specific OATH-OTP for a user in the specified SecureAuth IdP realm. Enter the username and OATH-OTP value to validate.
Get Factors – Get specific factors for the specified SecureAuth IdP realm. Enter one or more factors in the request.
Get User Properties – Get all relevant properties for a specified user. Enter the username in the request.
Click Send Request.
The result of the request appears in the Request section, similar to the following example.
Send a SecureAuth RADIUS request
This section explains how to simulate a common VPN request to a SecureAuth RADIUS Server. Note that the authentication workflow must be configured through the normal SecureAuth RADIUS configuration, in the RADIUS Clients settings.
On the machine where you have SecureAuth RADIUS Diagnostic Tool installed, double-click Run.bat.
The SecureAuth RADIUS Diagnostic Tool opens.
Select the RADIUS tab.
In the RADIUS Parameters section, enter the required information in the following fields:
This relates to the configurations set in Configure RADIUS Clients settings and Configure SecureAuth RADIUS settings.
RADIUS Host – The IP or URL where the SecureAuth RADIUS server is hosted. If you are using this tool on the same machine where SecureAuth RADIUS server is installed, you can use localhost.
Port – Port number used by the SecureAuth RADIUS server to communicate with endpoints.
Shared Secret – The shared secret that was defined in the RADIUS Server Settings.
Reply Timeout – Set the time, in seconds, to wait for a reply before timeout.
Retries – Set the allowed number of times to retry the request.
In the Login section, enter login credentials as an end user in a VPN client.
Username – Login username.
Password – Login password.
State – Read-only field displays the state code for the SecureAuth IdP request. It is essentially the cookie for the state of your ongoing request.
Click Send Request.
The result of the request appears in the Request section, similar to the following example of a request with 2FA.
Add attributes in a SecureAuth RADIUS request
This section explains how to add custom SecureAuth RADIUS attributes to your request. This is a common requirement in NTRadPing for troubleshooting RADIUS servers.
On the machine where you have SecureAuth RADIUS Diagnostic Tool installed, double-click Run.bat.
The SecureAuth RADIUS Diagnostic Tool opens.
Select the RADIUS tab and scroll down the page to see the Attributes ADD and CLEAR buttons.
To add a new attribute, click the down arrow icon.
The option list appears.
From the list, select an attribute and fill in the fields associated with that attribute.
In the following example, we selected the Calling-Station-Id attribute. Then, in the field on the right, enter the value for the Calling-Station-Id attribute. For example, 10.10.10.10.
Click ADD and it appears in the list like the example shown next.
If needed, repeat the steps above to add more attributes.
For example, you can add two more attributes like the example shown next.
To manage the list of attributes, do the following:
To delete an attribute, click the red X to the left of the attribute.
To remove all attributes, click CLEAR.
When you have set up your attributes, click Send Request.
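To show what the fields in the RADIUS Parameters, Login, and Attributes sections become on the wire, the following added example (not part of the SecureAuth tool or its documentation) builds an RFC 2865 Access-Request with a hidden User-Password, an optional State, and a Calling-Station-Id attribute. It assumes a PAP-style request; the username, password, and shared secret used with it are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1  # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD, STATE, CALLING_STATION_ID = 1, 2, 24, 31

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    pad = -len(password) % 16 if password else 16
    padded = password + b"\x00" * pad
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: type, length (including the 2-byte header), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(username, password, secret, identifier=0,
                         authenticator=None, state=None, extra=()):
    """Return (packet, request_authenticator) for an Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = attribute(USER_NAME, username.encode())
    attrs += attribute(USER_PASSWORD,
                       hide_password(password.encode(), secret, authenticator))
    if state is not None:           # echoed back when answering a 2FA challenge
        attrs += attribute(STATE, state)
    for attr_type, value in extra:  # e.g. (CALLING_STATION_ID, b"10.10.10.10")
        attrs += attribute(attr_type, value)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def parse_attributes(packet: bytes) -> list:
    """Split the attribute section (after the 20-byte header) into (type, value) pairs."""
    pos, found = 20, []
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        found.append((attr_type, packet[pos + 2:pos + length]))
        pos += length
    return found
```

Because the User-Password bytes are derived from the shared secret, a Shared Secret that does not match the server's makes the server recover a different password from the same packet.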