You can enable RADIUS authentication in the PingFederate administrative console.
In this multi-factor console authentication use case, the PingFederate administrative console is a RADIUS client that calls the local RADIUS server bundled in the PingID Password Credential Validator (PCV) for the second factor authentication.
For a clustered PingFederate environment, perform these steps on the console node.
file in a text editor and set the pf.console.authentication property
Obfuscate the Client Shared Secret value using a PingFederate command-line tool.
Windows: <pf_install>\pingfederate\bin\obfuscate.bat clientSharedSecret
Linux: <pf_install>/pingfederate/bin/obfuscate.sh clientSharedSecret
The output should be a long line of text.
- Copy the output for the next step.
file in a text editor and modify as follows.
host=<host> shared.secret=obfuscatedClientSharedSecret timeout=10000Tip:
For a clustered PingFederate environment, the host value must be a runtime engine IP address or a hostname.
The timeout value is the number of milliseconds to wait for the second authentication factor to complete before timing out the login attempt. In this use case, ten seconds, or
10000ms, should be sufficient for PingID.
In addition, assign one or more RADIUS users or designated RADIUS groups to at least one of the PingFederate administrative roles as indicated in the radius.properties file. Alternatively, you can set the use.ldap.roles property to
trueand use the LDAP properties file, ldap.properties in the same bin directory, to map LDAP group-based permissions to PingFederate roles.
- Save your changes, and restart PingFederate.