# Create a RADIUS App in the Portal
Log into the MIRACL Trust authentication portal, click on the ‘Applications’ in your project and create a new OTP app. MIRACL Trust RADIUS server integrates with MIRACL Trust Portal through its OTP API.
In the portal, when you create a new app, you are issued with your Client ID and Client Secret. The Client Secret is issued to you once. It must be grabbed when first displayed:
Client ID can then be copied at any time from the app settings screen:
Any end users wishing to make use of your RADIUS app must visit the OTP url displayed in the Registration Link above. This is explained in the OTP generation page.
Note also that you can configure the login methods to specify whether your users can generate One Time Passwords directly in their desktop browser, in the mobile app (QR Code), or both.
# MIRACL Trust RADIUS Server Installation
This page gives you guidance on using the MIRACL Trust Radius server Docker
image. To get the
miracl/radius docker image that is referenced in the
following section, please contact MIRACL.
These instructions assume that you have already setup your RADIUS server configuration. Please see the Generic client setup info and the ssh and OpenVPN demo setup instructions for detailed guidance on configuring the product for use.
# Environment Variables
The following environment variables are available:
- MIRACLRADIUS_CONFIGPATH - sets the configuration file to start the service with.
- MIRACLRADIUS_LOGLEVEL - sets the Log level to be one of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO or DEBUG.
- MIRACLRADIUS_DUMP - if set to JSON or YAML, outputs the full configuration, if set to SCHEMA - outputs the JSON schema.
# Docker Quick Guide
This guide gives you an understanding of the necessary components and what command line options need to be passed in order to run the MIRACL Trust RADIUS server docker image.
Assuming that you have your config files stored in a local directory such as
/home/user/miracl-radius-test/ (as explained in the
server configuration) you can now run:
docker run \ --network host \ --volume /home/user/miracl-radius-test/:/etc/miracl-radius \ miracl/radius:latest \ --configPath /etc/miracl-radius/config.yaml
As it is running on the host network (set by the option –network host), the service is accessible at port 1812, unless you change the default port in the config. If you want to share only the used port to the RADIUS server docker container instead of the whole host network, you can use the option -p 1812:1812:
docker run \ --publish 1812:1812/udp \ --volume /home/user/miracl-radius-dockertest/:/etc/miracl-radius \ miracl/radius:latest \ --configPath /etc/miracl-radius/config.yaml
If your RADIUS server sends accounting records to the MIRACL RADIUS server, you need to open port 1813:
docker run \ --publish 1812:1812/udp \ --publish 1813:1813/udp \ --volume /home/user/miracl-radius-dockertest/:/etc/miracl-radius \ miracl/radius:latest \ --configPath /etc/miracl-radius/config.yaml
If you want to use the environment variables to pass the RADIUS server configuration, there are two options:
- Use MIRACLRADIUS_CONFIGPATH to pass the path to the configuration:
export MIRACLRADIUS_CONFIGPATH=`/home/user/miracl-radius-test/config.yaml` docker run \ --network host \ --env MIRACLRADIUS_CONFIGPATH \ miracl/radius:latest
MIRACL Trust RADIUS server has a configuration dump functionality which allows
you to see the full config settings which your server started with. You can just
run the server with
-d option and specify which format you’d like to see the
full configuration. The following command outputs in yaml format the assembled
configuration the server starts up with:
docker run \ --network host \ --volume /home/user/miracl-radius-test/:/etc/miracl-radius \ miracl/radius:latest \ --configPath /etc/miracl-radius/config.yaml \ --dump yaml
See the SSH Demo Setup instructions for detailed instructions on getting a Docker container running which can be used to log into a separate ssh terminal.
# Restarting the Service
Every change of the configuration should be followed by a
restart of the
RADIUS server container (named
radius) in order to take effect:
docker restart radius
The RADIUS server could be uninstalled by just stopping and removing its docker container:
docker stop radius docker rm radius