Authentication nodes

RADIUS Challenge Collector node

RAPID only

The RADIUS Challenge Collector node presents challenge messages to users, such as requesting a one-time password (OTP), and collects their response. This node works in conjunction with the RADIUS Decision node.

Learn more in RADIUS Authentication.

Example

The following example shows how you can implement RADIUS authentication with Advanced Identity Cloud acting as the client:

[Figure: RADIUS authentication journey]
  • The Page node, containing the Platform Username node and Platform Password node, prompts the user for their credentials.

  • The RADIUS Decision node sends the user’s credentials in an Access-Request packet to the configured RADIUS server.

    • If the RADIUS server responds with an Access-Accept packet, the user is successfully authenticated.

    • If the RADIUS server responds with an Access-Reject packet, authentication fails.

    • If the RADIUS server responds with an Access-Challenge packet, the RADIUS Challenge Collector node presents the challenge message to the user and collects their response.

      After the user has responded, the RADIUS Decision node sends another Access-Request packet to the RADIUS server, including the user’s response.

      Depending on the RADIUS server’s response to the second Access-Request packet, the user is either authenticated or denied access.

Availability

| Product                               | Available? |
|---------------------------------------|------------|
| PingOne Advanced Identity Cloud       | Yes        |
| PingAM (self-managed)                 | Yes        |
| Ping Identity Platform (self-managed) | Yes        |

Inputs

The node reads the radiusChallenge object from the incoming node state to present the challenge message to the user.

Dependencies

Precede this node in the flow with a RADIUS Decision node to request authentication from the RADIUS server.

Configuration

This node has no configurable properties.

Outputs

The node adds the radiusChallenge object to the transient state.

The radiusChallenge object includes the following information:

{
  "octets": "<binary bytes received from the RADIUS server that represent the state information>",
  "replyMessage": "<challenge message from the RADIUS server>",
  "response": "<challenge response from the user>"
}

Include the RADIUS Decision node after this node to send another Access-Request packet to the RADIUS server, including the user’s response.
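
To show where the fields of radiusChallenge come from on the wire, the following added example (not Ping Identity code) parses a constructed RFC 2865 Access-Challenge packet, verifies its Response Authenticator against the shared secret, and fills a radiusChallenge-shaped object. It assumes that octets carries the State attribute (type 24), shown base64-encoded here, and that replyMessage carries the Reply-Message attribute (type 18); the function names, shared secret, and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

ACCESS_CHALLENGE = 11            # RFC 2865 packet code
REPLY_MESSAGE, STATE = 18, 24    # RFC 2865 attribute types


def parse_access_challenge(packet: bytes, request_auth: bytes, secret: bytes) -> dict:
    """Validate an Access-Challenge; return a radiusChallenge-shaped dict."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_CHALLENGE or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Challenge")
    attrs = packet[20:length]    # bytes past Length are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    state, messages, pos = b"", [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + alen]
        if atype == STATE:
            state = value        # opaque; echoed unchanged in the next Access-Request
        elif atype == REPLY_MESSAGE:
            messages.append(value.decode("utf-8", "replace"))
        pos += alen
    return {"octets": base64.b64encode(state).decode(),   # encoding is an assumption
            "replyMessage": "".join(messages), "response": None}


def build_sample_challenge(ident, request_auth, secret, state, message):
    """Construct a sample Access-Challenge the way a RADIUS server would."""
    attrs = bytes([STATE, len(state) + 2]) + state
    attrs += bytes([REPLY_MESSAGE, len(message) + 2]) + message
    header = struct.pack("!BBH", ACCESS_CHALLENGE, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


if __name__ == "__main__":
    req_auth, secret = bytes(range(16)), b"constructed-secret"   # constructed values
    pkt = build_sample_challenge(7, req_auth, secret, b"\x01\x02\x03\x04", b"Enter OTP")
    print(parse_access_challenge(pkt, req_auth, secret))
```

A packet whose attributes were altered in transit, or that was computed with a different shared secret, fails the authenticator check and never reaches the attribute parser.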

Outcomes

Single outcome path.

Errors

This node doesn’t log any error or warning messages of its own.