Install Windows RADIUS proxy
An installation wizard guides you through installing the RADIUS proxy. You must complete the prerequisites before following the steps below.
- Right-click the ForgeRock Radius Agent.exe file and select Run as administrator. The installation wizard opens.
  The file name of the RADIUS proxy is subject to change from the download. If you do not run the executable as an administrator, the installation will fail.
- On the Welcome screen, click Next.
- On the Custom Setup screen, click Next.
- On the Destination Folder screen, click Next.
- On the Logon Information screen, enter the user credentials for the service account using the ForgeRock RADIUS service. Make sure the syntax for the username is Domain\Username. For more information on the privileges required for this account, refer to prerequisites.
  If the machine is not part of a domain, then the domain for the service account user is the machine name.
- On the Agent Parameters page, configure the required settings:
  - Enter the relevant URL. For example, http://<tenant-env-fqdn>/openam.
  - Enter the relevant Realm. For example, /alpha. Make sure to prefix the realm with /.
    If the account does not have sufficient privileges or if the credentials are incorrect, an error screen might be presented during the final stages of the installation.
  - Enter the Journey field for the selected authentication method:
    - Push (for example, push-radius). For an example of a push journey (used with the ForgeRock Authenticator application), refer to Example of a push journey.
    - TOTP (for example, otp-radius). For an example of a TOTP/OATH journey (used with the ForgeRock Authenticator application), refer to Example of a TOTP/OATH journey.
      For the TOTP (OATH) method to work, your RADIUS client must be able to support the exchange of the TOTPs from ForgeRock journey > RADIUS proxy > RADIUS client, and conversely.
    - Simple (for example, simple-radius).
      Example of simple journey in Identity Cloud
      Figure 1. Simple authentication journey in Identity Cloud
      Example of simple journey in Access Management
      Figure 2. Simple authentication journey in Access Management
  You can only configure one journey and one authenticator method. The journey entered will correspond to the authenticator method selected in subsequent steps.
- Review the default values in the Radius Server section of the Agent Parameters screen, and if necessary, change them.
  - The IP Address field accepts two values: the default value, 127.0.0.1 (localhost), and 0.0.0.0. Change the IP Address to 0.0.0.0 to allow the Windows RADIUS proxy to listen on all interfaces.
  - The default Port is 1812 (via UDP). Change if necessary.
  - Enter a strong and complex value in the Secret field. Take note of the secret, as it might be needed when configuring your RADIUS client to the RADIUS proxy. The Secret value appears to be pre-populated, but it is not.
    Ensure that the RADIUS client you are configuring with the Windows RADIUS proxy allows the characters in the Secret field. For instance, some RADIUS clients cannot process special characters.
- Review the settings in the Authenticator section of the Agent Parameters screen and verify they match the authenticator type and method you configured. If necessary, you can correct the Authenticator configuration by selecting the correct settings from the drop-down lists.
- To begin the installation, click Install.
  A status bar is displayed during the installation process.
- To exit the installation wizard, click Finish.
Once you have completed the installation of the RADIUS proxy, proceed to the post-installation steps.
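
For the Secret and IP Address settings in the Radius Server section above, the following PowerShell is an added example, not part of the ForgeRock documentation: it generates a random secret restricted to letters and digits (for RADIUS clients that cannot process special characters) and, after installation, lists the address on which the UDP port is bound. The function names, the 32-character default and the 16 to 128 length range are assumptions of this example.

```powershell
# Added example; function names and defaults are assumptions, not ForgeRock tooling.

function New-RadiusSharedSecret {
    param(
        # RFC 2865 prefers secrets of at least 16 octets; the upper bound is arbitrary.
        [ValidateRange(16, 128)]
        [int]$Length = 32
    )
    # Letters and digits only, for RADIUS clients that reject special characters.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # Bytes at or above this limit are discarded so every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $secret = New-Object System.Text.StringBuilder
    try {
        while ($secret.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$secret.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $secret.ToString()
}

function Get-RadiusListener {
    param([int]$Port = 1812)
    # 0.0.0.0 means all interfaces; 127.0.0.1 means local clients only.
    Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

# Before installation: generate the value to type into the Secret field.
New-RadiusSharedSecret -Length 32

# After installation: confirm the bound address matches the IP Address setting.
Get-RadiusListener -Port 1812
```

The generated secret is written to the console in clear text, so record it in a secrets vault rather than leaving it in a script or session transcript.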