Installation

# Create a RADIUS App in the Portal

Log into the MIRACL Trust authentication portal, click 'Applications' in your project and create a new OTP app. The MIRACL Trust RADIUS server integrates with the MIRACL Trust Portal through its OTP API.

When you create a new app in the portal, you are issued a Client ID and a Client Secret. The Client Secret is shown only once, so copy it when it is first displayed:

The Client ID can be copied at any time from the app settings screen:

Any end users wishing to make use of your RADIUS app must visit the OTP URL displayed in the Registration Link above. This is explained in the OTP generation page.

Note also that you can configure the login methods to specify whether your users can generate One Time Passwords directly in their desktop browser, in the mobile app (QR Code), or both.

# MIRACL Trust RADIUS Server Installation

This page gives you guidance on using the MIRACL Trust RADIUS server Docker image. To get the miracl/radius Docker image that is referenced in the following section, please contact MIRACL.

These instructions assume that you have already set up your RADIUS server configuration. Please see the Generic client setup info and the SSH and OpenVPN demo setup instructions for detailed guidance on configuring the product for use.

# Environment Variables

The following environment variables are available:

  • MIRACLRADIUS_CONFIGPATH - sets the configuration file to start the service with.
  • MIRACLRADIUS_LOGLEVEL - sets the log level to one of ERROR, WARN, INFO or DEBUG.
  • MIRACLRADIUS_DUMP - if set to JSON or YAML, outputs the full configuration; if set to SCHEMA, outputs the JSON schema.

# Docker Quick Guide

This guide describes the necessary components and the command line options that need to be passed in order to run the MIRACL Trust RADIUS server Docker image.

Assuming that you have your config files stored in a local directory such as /home/user/miracl-radius-test/ (as explained in the server configuration) you can now run:

docker run \
  --network host \
  --volume /home/user/miracl-radius-test/:/etc/miracl-radius \
  miracl/radius:latest \
  --configPath /etc/miracl-radius/config.yaml

Because the container runs on the host network (set by the option --network host), the service is accessible at port 1812, unless you change the default port in the config. If you want to expose only the port used by the RADIUS server instead of sharing the whole host network with the container, publish it with the option --publish (-p) 1812:1812/udp. The /udp suffix is needed because RADIUS uses UDP and Docker publishes TCP ports by default:

docker run \
  --publish 1812:1812/udp \
  --volume /home/user/miracl-radius-test/:/etc/miracl-radius \
  miracl/radius:latest \
  --configPath /etc/miracl-radius/config.yaml

If your RADIUS server sends accounting records to the MIRACL RADIUS server, you need to open port 1813:

docker run \
  --publish 1812:1812/udp \
  --publish 1813:1813/udp \
  --volume /home/user/miracl-radius-test/:/etc/miracl-radius \
  miracl/radius:latest \
  --configPath /etc/miracl-radius/config.yaml

If you want to use the environment variables to pass the RADIUS server configuration, there are two options:

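  • Use MIRACLRADIUS_CONFIGPATH to pass the path to the configuration. The variable is read inside the container, so it must hold the path as seen there, and the configuration directory still has to be mounted:
export MIRACLRADIUS_CONFIGPATH=/etc/miracl-radius/config.yaml
docker run \
  --network host \
  --env MIRACLRADIUS_CONFIGPATH \
  --volume /home/user/miracl-radius-test/:/etc/miracl-radius \
  miracl/radius:latest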

The MIRACL Trust RADIUS server has a configuration dump function that lets you see the full config settings your server started with. Run the server with the --dump (-d) option and specify the format in which you'd like to see the full configuration. Because the output is the full configuration, handle it with the same care as the configuration files themselves. The following command outputs, in YAML format, the assembled configuration the server starts up with:

docker run \
  --network host \
  --volume /home/user/miracl-radius-test/:/etc/miracl-radius \
  miracl/radius:latest \
  --configPath /etc/miracl-radius/config.yaml \
  --dump yaml

See the SSH Demo Setup instructions for detailed instructions on getting a Docker container running which can be used to log into a separate SSH terminal.

# Restarting the Service

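Every change to the configuration must be followed by a restart of the RADIUS server container (named radius) in order to take effect. The docker run examples above do not name the container, so either start it with --name radius or substitute the name or ID shown by docker ps: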

docker restart radius

# Uninstall

The RADIUS server can be uninstalled by stopping and removing its Docker container:

docker stop radius
docker rm radius