# Create a RADIUS App in the Portal
Log into the MIRACL Trust Portal, click on Applications in your project and create a new OIDC app. MIRACL Trust RADIUS server integrates with MIRACL Trust Portal through its OIDC API.
In the Portal, when you create a new app, you are issued with your Client ID and Client Secret. The Client Secret is issued to you once. It must be grabbed when first displayed:
The Client ID can then be copied at any time from the app settings screen:
The Client ID and Client Secret need to be added to your RADIUS server mfa configuration as explained here so it can authenticate to the MIRACL Trust Portal.
# MIRACL Trust RADIUS Server Installation
This page gives you guidance on using the MIRACL Trust Radius server Docker
image. To get the miracl/radius docker image that is referenced in the
following section, please contact MIRACL.
These instructions assume that you have already setup your RADIUS server configuration. Please see the Generic client setup info and the ssh and OpenVPN demo setup instructions for detailed guidance on configuring the product for use.
# Environment Variables
The following environment variables are available:
- MIRACLRADIUS_CONFIGPATH - sets the configuration file to start the service with.
- MIRACLRADIUS_LOGLEVEL - sets the Log level to be one of ERROR, WARN, INFO or DEBUG.
- MIRACLRADIUS_DUMP - if set to JSON or YAML, outputs the full configuration. If set to SCHEMA, it outputs the JSON schema for your configuration guidance.
# Docker Quick Guide
This guide gives you an understanding of the necessary components and what command line options need to be passed in order to run the MIRACL Trust RADIUS server docker image.
Assuming that you have your config files stored in a local directory such as
/home/user/miracl-radius-test/ (as explained in the
server configuration) you can now run:
docker run \
--network host \
--volume /home/user/miracl-radius-test/:/etc/miracl-radius \
miracl/radius:latest \
--configPath /etc/miracl-radius/config.yaml
As it is running on the host network (set by the option –network host), the service is accessible at port 1812, unless you change the default port in the config. If you want to share only the used port to the RADIUS server docker container instead of the whole host network, you can use the option -p 1812:1812:
docker run \
--publish 1812:1812/udp \
--volume /home/user/miracl-radius-dockertest/:/etc/miracl-radius \
miracl/radius:latest \
--configPath /etc/miracl-radius/config.yaml
If your RADIUS server sends accounting records to the MIRACL RADIUS server, you need to open UDP port 1813 too:
docker run \
--publish 1812:1812/udp \
--publish 1813:1813/udp \
--volume /home/user/miracl-radius-dockertest/:/etc/miracl-radius \
miracl/radius:latest \
--configPath /etc/miracl-radius/config.yaml
If you want to use the environment variables to pass the RADIUS server configuration, there are two options:
- Use MIRACLRADIUS_CONFIGPATH to pass the path to the configuration:
export MIRACLRADIUS_CONFIGPATH=`/home/user/miracl-radius-test/config.yaml`
docker run \
--network host \
--env MIRACLRADIUS_CONFIGPATH \
miracl/radius:latest
MIRACL Trust RADIUS server has a configuration dump functionality which allows
you to see the full config settings which your server started with. You can just
run the server with -d option and specify which format you’d like to see the
full configuration. The following command outputs in yaml format the assembled
configuration the server starts up with:
docker run \
--network host \
--volume /home/user/miracl-radius-test/:/etc/miracl-radius \
miracl/radius:latest \
--configPath /etc/miracl-radius/config.yaml \
--dump yaml
See the SSH Demo Setup instructions for detailed instructions on getting a Docker container running which can be used to log into a separate ssh terminal.
# Restarting the Service
Every change of the configuration should be followed by a
restart of the
RADIUS server container (named radius) in order to take effect:
docker restart radius
# Uninstall
The RADIUS server could be uninstalled by just stopping and removing its docker container:
docker stop radius
docker rm radius
