--- title: RADIUS Challenge Collector node description: The RADIUS Challenge Collector node presents challenge messages to users, such as requesting a one-time password (OTP), and collects their response. This node works in conjunction with the RADIUS Decision node. component: auth-node-ref version: latest page_id: auth-node-ref::radius-challenge-collector canonical_url: https://docs.pingidentity.com/auth-node-ref/latest/radius-challenge-collector.html keywords: ["Nodes & Trees", "Journeys", "Authentication", "RADIUS"] superseded_by: https://docs.pingidentity.com/auth-node-ref/latest/radius-challenge-collector.html section_ids: example: Example availability: Availability inputs: Inputs dependencies: Dependencies configuration: Configuration outputs: Outputs callbacks: Callbacks outcomes: Outcomes errors: Errors --- # RADIUS Challenge Collector node The RADIUS Challenge Collector node presents challenge messages to users, such as requesting a one-time password (OTP), and collects their response. This node works in conjunction with the [RADIUS Decision node](radius-decision.html). Learn more in [RADIUS Authentication](https://docs.pingidentity.com/pingoneaic/am-authentication/radius-authentication.html). ## Example The following example shows how you can implement RADIUS authentication with Advanced Identity Cloud acting as the client: ![RADIUS authentication journey](_images/radius-journey.png) * The [Page node](page.html) with the [Platform Username node](platform-username.html) and [Platform Password node](platform-password.html) prompt the user for their credentials. * The [RADIUS Decision node](radius-decision.html) sends the user's credentials in an `Access-Request` packet to the configured RADIUS server. * If the RADIUS server responds with an `Access-Accept` packet, the user is successfully authenticated. * If the RADIUS server responds with an `Access-Reject` packet, authentication fails. * If the RADIUS server responds with an `Access-Challenge` packet, the [RADIUS Challenge Collector node](radius-challenge-collector.html) presents the challenge message to the user and collects their response. After the user has responded, the [RADIUS Decision node](radius-decision.html) sends another `Access-Request` packet to the RADIUS server, including the user's response. Depending on the RADIUS server's response to the second `Access-Request` packet, the user is either authenticated or denied access. ## Availability | Product | Available? | | ------------------------------------- | ---------- | | PingOne Advanced Identity Cloud | Yes | | PingAM (self-managed) | Yes | | Ping Identity Platform (self-managed) | Yes | ## Inputs The node reads the `radiusChallenge` object from the incoming node state to present the challenge message to the user. ## Dependencies Precede this node in the flow with a [RADIUS Decision node](radius-decision.html) to request authentication from the RADIUS server. ## Configuration This node has no configurable properties. ## Outputs The node adds the `radiusChallenge` object to the transient state. The `radiusChallenge` object includes the following information: ```json { "octets": "", "replyMessage": "", "response": "" } ``` Include the [RADIUS Decision node](radius-decision.html) after this node to send another `Access-Request` packet to the RADIUS server, including the user's response. ## Callbacks The node sends a [PasswordCallback](https://docs.pingidentity.com/pingoneaic/am-authentication/callbacks-interactive.html#PasswordCallback) to display the challenge message to the user and securely collect their response. ## Outcomes Single outcome path. ## Errors This node doesn't log any error or warning messages of its own.