Installation

# Create a RADIUS app in the portal

First log into the MIRACL Trust authentication portal, click on the ‘Apps’ link in the dashboard and create a new RADIUS app:


When you create a new app in the portal, you are issued a Client ID and a Client Secret. The Client Secret is issued only once, so copy it when it is first displayed:


The Client ID can be copied at any time from the app settings screen:


Any end users wishing to make use of your RADIUS app must visit the OTP URL displayed in the Registration Link above. This is explained in the OTP generation page.

Note also that you can configure the login methods to specify whether your users can generate One Time Passwords directly in their desktop browser, in the mobile app (QR Code), or both.

# MIRACL Trust RADIUS server installation

This page gives you guidance on using the MIRACL Trust RADIUS server Docker image. To get the miracl/radius Docker image that is referenced in the following section, please contact MIRACL.

These instructions assume that you have already set up your RADIUS server configuration. Please see the Generic client setup info and the SSH and OpenVPN demo setup instructions for detailed guidance on configuring the product for use.

# Environment Variables

The following environment variables are available:

  • MIRACLRADIUS_CONFIGPATH - sets the configuration file to start the service with.
  • MIRACLRADIUS_LOGLEVEL - sets the log level to one of EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO or DEBUG.
  • MIRACLRADIUS_DUMP - if set to JSON or YAML, outputs the full configuration; if set to SCHEMA, outputs the JSON schema.

# Docker quick guide

What follows is a quick step-by-step guide to getting a test Docker container running. It should give you an understanding of the necessary components and of the command line options that need to be passed in order to run the MIRACL Trust RADIUS server Docker image.

Assuming that you have your config files stored in a local directory such as /home/user/miracl-radius-test/ (as explained in the server configuration) you can now run:

docker run --name=radius --network host -v /home/user/miracl-radius-test/:/etc/miracl-radius miracl/radius:latest -c /etc/miracl-radius/config.yaml

As it is running on the host network (set by the option --network host), the service will be accessible at port 1812, unless you have changed the default port in the config. To publish only the RADIUS port to the container instead of sharing the whole host network, use the option -p 1812:1812/udp:

docker run --name=radius -p 1812:1812/udp -v /home/user/miracl-radius-test/:/etc/miracl-radius miracl/radius:latest -c /etc/miracl-radius/config.yaml

Note that if your RADIUS server sends accounting records to the MIRACL RADIUS server, you need to open port 1813 too:

docker run --name=radius -p 1812:1812/udp -p 1813:1813/udp -v /home/user/miracl-radius-test/:/etc/miracl-radius miracl/radius:latest -c /etc/miracl-radius/config.yaml

If you want to use the environment variables to pass the RADIUS server configuration, there are two options:

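  • Use MIRACLRADIUS_CONFIGPATH to pass the path to the configuration. The path is read inside the container, so mount the configuration directory and point the variable at the mounted file:
export MIRACLRADIUS_CONFIGPATH=/etc/miracl-radius/config.yaml
docker run --name=radius --network host -it --rm -v /home/user/miracl-radius-test/:/etc/miracl-radius -e MIRACLRADIUS_CONFIGPATH miracl/radius:latest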
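
The launcher below is an added example, not code from MIRACL or the original page. It checks MIRACLRADIUS_LOGLEVEL and MIRACLRADIUS_DUMP against the values listed under Environment Variables and prints a docker run line that publishes only the UDP ports discussed above. The function names, the case-insensitive matching and the read-only (:ro) mount are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks plus a least-exposure `docker run` line
# for the miracl/radius image. All function names here are hypothetical.

# Accept only the log levels the page lists (case folding is an assumption).
valid_loglevel() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        EMERGENCY|ALERT|CRITICAL|ERROR|WARNING|NOTICE|INFO|DEBUG) return 0 ;;
        *) return 1 ;;
    esac
}

# MIRACLRADIUS_DUMP may be empty/unset, or one of JSON, YAML, SCHEMA.
valid_dump() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        ''|JSON|YAML|SCHEMA) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the docker command for config directory $1.
# $2 = "acct" additionally publishes the accounting port 1813/udp.
# Assumption: the server only reads its config, so the mount is read-only.
radius_run_cmd() {
    cfgdir=${1%/}
    ports="-p 1812:1812/udp"
    if [ "${2:-}" = "acct" ]; then ports="$ports -p 1813:1813/udp"; fi
    envargs=""
    if [ -n "${MIRACLRADIUS_LOGLEVEL:-}" ]; then
        valid_loglevel "$MIRACLRADIUS_LOGLEVEL" ||
            { echo "invalid MIRACLRADIUS_LOGLEVEL" >&2; return 2; }
        envargs="$envargs -e MIRACLRADIUS_LOGLEVEL"
    fi
    valid_dump "${MIRACLRADIUS_DUMP:-}" ||
        { echo "invalid MIRACLRADIUS_DUMP" >&2; return 2; }
    if [ -n "${MIRACLRADIUS_DUMP:-}" ]; then
        envargs="$envargs -e MIRACLRADIUS_DUMP"
    fi
    printf 'docker run --name=radius %s%s -v %s/:/etc/miracl-radius:ro %s\n' \
        "$ports" "$envargs" "$cfgdir" \
        "miracl/radius:latest -c /etc/miracl-radius/config.yaml"
}

# Dry run: print the command for the page's sample directory, with accounting.
radius_run_cmd /home/user/miracl-radius-test acct
```

The script only prints the command; review it and run it yourself once the values pass the checks.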

MIRACL Trust RADIUS server has a configuration dump function that shows the full configuration your server will be started with. Run the server with the -d option and specify the format in which you'd like to see the full configuration. The following command prints, in YAML format, the assembled configuration the server would run with for that config file:

docker run --name=radius --network host -v /home/user/miracl-radius-test/:/etc/miracl-radius miracl/radius:latest -c /etc/miracl-radius/config.yaml -d yaml

Please see the SSH Demo Setup instructions for detailed instructions on getting a Docker container running which can be used to log into a separate SSH terminal.

# Restarting the service

Every change to the configuration must be followed by a restart of the RADIUS server container (named radius) in order to take effect:

docker restart radius

# Uninstallation

The RADIUS server can be uninstalled by stopping and removing its Docker container:

docker stop radius
docker rm radius