Assuming the EasyAccess server has been deployed properly, it is time to setup a authentication valve.
With this config you can add EasyAccess to most standard RADIUS portals, you will have to login using something like this:
Username: secure-online
Password: VerySectet!!654321 (last 6 digits is the generated OTP)
Adding a RADIUS Scenario is pretty straight forward. Go to: “Scenarios -> RADIUS -> Username and Password” And add a new one by clicking on the + sign. Give it a name, user database, user search base and specify a RADIUS connection.
When added the execution flow looks like this:
In order to use both the password and the OTP from the password field we need to take them apart. Let’s add two additional Valve’s:
- PropertySplitByIndexValve
- TokenValidationValve
The cofiguration for these two valves is as follows:
PropertySplitByIndexValve
Source: {{request.User-Password}}
Destination Attribute One: password
Destination Attribute Two: otp
Position: -6 (If you use a different amout of digits in the OTP use this!)
Destination Item: data_item
TokenValidationValve
Username Parameter: User-Name
Provided OTP Parameter: {{attributes.otp}}
HOTP Lookahead Value: 20
TOTP Max Drift Count: 10
Next, we need to update the LDAPBindValve to use the new password attribute:
LDAPBindValve
Connection: <current connection>
Password: {{attributes.password}}
As final task, we need to move the new valve’s to the right position. When done, it should look like this:
