AM as a RADIUS client
The following diagram illustrates the flow of packets between AM (the RADIUS client) and the RADIUS server during an authentication conversation, where the RADIUS server requests a one-time password (OTP) from the user:
All conversations between AM and the RADIUS server are secured with a shared secret (mapped to the am.authentication.nodes.radius.identifier.secret label).
Configure RADIUS authentication
AM provides two authentication nodes to handle RADIUS authentication, where AM is acting as a RADIUS client:
- RADIUS Decision node
-
The RADIUS Decision node performs authentication with the RADIUS server.
The node performs the following actions:
-
Sends an
Access-Requestpacket to the RADIUS server to initiate the authentication request. -
Handles the RADIUS server’s response to determine the outcome of the authentication attempt.
-
Sends additional
Access-Requestpackets if the RADIUS server responds with anAccess-Challengepacket requesting more information from the user.
-
- RADIUS Challenge Collector node
-
The RADIUS Challenge Collector node presents challenge messages to users, such as requesting an OTP, and collects their response.
Create a journey using these nodes to implement RADIUS authentication:
Learn more in the RADIUS authentication example.