Install SecureAuth RADIUS Server

Follow the steps in this guide to install SecureAuth® Identity Platform RADIUS server version 20.12.xx for the first time. For upgrade instructions, see Upgrade SecureAuth RADIUS Server.

For optimum performance in a large organization, consider installing or upgrading SecureAuth RADIUS separately from the Identity Platform server.

If you have any questions, contact SecureAuth Support.

Installation steps

Before installing SecureAuth RADIUS Server, ensure that you have SecureAuth IdP 9.3 or Identity Platform release 19.07 or later installed.

Note

Do not install SecureAuth Identity Platform RADIUS server version 20.12 on a Windows Domain Controller.

  1. Download the SecureAuth RADIUS Server installation file from the SecureAuth Product Downloads page.

  2. Double-click the SecureAuth-IdP-RADIUS-Server-20.12.07.exe file to start the install wizard.

    If you have not already logged in as an administrator, you will be prompted to do so.

  3. Click Next to proceed.

    1_Start.png
  4. Select the appropriate checkboxes to enable quick access to the RADIUS Admin Console via a desktop icon or the Start menu selection:

    • Create a Desktop icon.

    • Create an entry in the Start Menu.

  5. Click Next to review settings.

    60574000.png
  6. Review settings and do one of the following:

    • Click Back to make edits.

    • Click Install to begin installing the RADIUS service.

    60573998.png
  7. After the installation is complete, optionally select the files to start when the wizard closes:

    • View README.

    • Launch RADIUS Administration Console.

  8. Click Finish to close the install wizard.

    If either or both files were selected in the previous step, the requested files are displayed.

    60573996.png

Optional configurations

The following steps are optional configurations you can make to customize the SecureAuth RADIUS Server.

Disable special character support in user IDs (SecureAuth IdP 9.2 only)

Customers running SecureAuth IdP 9.2  must disable support for special characters; otherwise, end users who use special characters in their user IDs will not be able to authenticate.

  1. Open the appliance.radius.properties file in a text editor.

    This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

  2. Set enable.special.characters.for.userid=false, as shown in the following image:

    appliance_radius_properties4.png
  3. Save your changes.

Display multiple authentication devices

Allow end users to select their authentication device if they have more than one device.

  1. Open the appliance.radius.properties file in a text editor.

    This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

  2. Add the radius.oath.strategy=ask_by_otp_device property, as shown in the following image.

    60573995.png
  3. Save your change.

End user experience

When end users with multiple devices authenticate, the following screen appears:

60573994.png

Additionally, SecureAuth RADIUS server supports both HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP) in seed and token modes, so the TOTP/HOTP authentication type appears instead of OTP:

60573992.png

Maximize login requests with timeout value

Maximize successful login requests to the Identity Platform by setting a timeout value.

  1. Open the appliance.radius.properties file in a text editor.

    This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

  2. Add the idp.api.timeout=n property, where n is the timeout value in milliseconds.

    For example, idp.api.timeout=50000.

    If a value for idp.api.timeout is not specified, it is set to 50000 by default.

    69108133.png
  3. Save your change.

Set the number of UDP processor threads

Set the number of User Datagram Protocol (UDP) processor threads that SecureAuth RADIUS can use to receive access-request packets.

  1. Open the appliance.radius.properties file in a text editor.

    This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

  2. Add the radius.processorThreads=n property, where n is the number of processor threads.

    For example, radius.processorThreads=50.

    If a value for radius.processorThreads is not specified, it is set to 50 by default for best performance.

    69108112.png
  3. Save your change.

  4. Open your system's Task Manager and select the Services tab.

  5. Right-click secureAuthRadius and click Restart.

    When you lose connection, cancel out of the reconnect dialog.

  6. Select the Services tab and copy the PID for the java.exe process.

  7. Open PowerShell as an Administrator.

  8. Append the PID for the java.exe process to jconsole.exe and run the command.

    jconsole.exe <PID> 

    For example:

    jconsole.exe 4648

Set the PIN length for PIN + OTP authentication

Set the PIN length for your end users for the PIN + OTP authentication workflow.

  1. Open the appliance.radius.properties file in a text editor.

    This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

  2. Add the pin.length = n property, where n is the PIN length. Set a PIN length of up to 18 digits.

    For example, pin.length = 8.

  3. Save your change.

Next steps

Configure SecureAuth RADIUS server version 20.12