IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Configuring the RADIUS Client settings

Use the IMS Configuration Utility to specify the RADIUS Client settings. The settings include name, client secret, vendor-specific attributes, default unregistered user realm of RADIUS and enabling RADIUS challenge-response.

Procedure

  1. Log on to the IMS Configuration Utility.
  2. Navigate to Advanced Settings > AccessAdmin > User authentication > RADIUS server > Add configuration group.
  3. Select Radius Client from the list.
  4. Click Configure.
  5. Complete the following fields:
    Option Description
    Name Enter the name of the new client.
    Client secret Enter the shared secret that encrypts communication between the RADIUS client and server.
    Vendor-specific attributes Enter the RADIUS attributes returned on successful authentication.

    Click Add.
    Resolvable address of the client Enter the IP address or FQDN of the host that is listed as RADIUS client.
    Default unregistered user realm of RADIUS Enter the name of the default unregistered user realm for this RADIUS server.
    Enable RADIUS challenge-response Specify whether to enable RADIUS Challenge-Response for this VPN server.
    Default Challenge message on VPN user interface Enter the RADIUS Challenge message that the user sees on the VPN user interface.
    GSM-SMS Channel Challenge message on the VPN user interface Enter the RADIUS challenge message that the user sees on the VPN user interface if the MAC is sent by using an SMS gateway. For example, Web-based SMS message connector.

    Do this step only if MAC is enabled.
    E-mail Channel Challenge message on the VPN user interface Enter the RADIUS challenge message that the user sees on the VPN user interface if the MAC is sent by using an email gateway. For example, email message connector.

    Do this step only if MAC is enabled.
    Retry challenge message on VPN user interface Enter the RADIUS Challenge message that the user sees on the VPN user interface.
    MAC SMS or e-mail subject Enter the template of the SMS or email message the user receives with the MAC in it.
    Initial challenge-response authentication factor Specify the authentication factor.
    MAC SMS or e-mail content Enter the template of the SMS or email message the user receives with the MAC in it.
    Allow non-IMS users Select No.

    This option prevents unregistered users from authenticating with the use of this VPN Server.
    Re-prompt users for MAC after a failure Specify whether to prompt users to reenter a MAC if it is not entered correctly.

    The user receives a prompt until the account is locked.
  6. Click Add.
Parent topic: Configuring user authentication

Feedback