RADIUS based MFA – How to Configure in XTAM
XTAM supports integration with MFA providers that utilize the RADIUS Authentication protocol. This FAQ article will describe how to proceed with the configuration in XTAM, but please note that you will need to know the specific values to use. If you do not know the specific configuration of your RADIUS based provider, please contact your Administrator or the Vendor for further assistance.
Configure XTAM with the Federated Sign-In module and ensure that it is working properly.
Log on to the XTAM host computer.
Stop the PamManagement (Windows) or the pammanager (Linux) service. XTAM will be offline until this procedure is completed.
Open the file <XTAM_HOME>/web/conf/catalina.properties and add the following lines to this file, inputting your MFA specific values (marked in red bold) where applicable:
cas.authn.mfa.globalProviderId=mfa-radius
cas.authn.mfa.radius.client.sharedSecret=secret
cas.authn.mfa.radius.client.authenticationPort=1812
cas.authn.mfa.radius.client.accountingPort=1813
cas.authn.mfa.radius.client.inetAddress=localhost
cas.authn.mfa.radius.server.protocol=CHAP (options include PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5, EAP-MSCHAPv2)
cas.authn.mfa.radius.name=XTAM-Trigger
** This line should only be added if you are using a Push based RADIUS provider. For example, if a user first authenticates with their username and password and then receives a token to their device, then add this line. Otherwise, do not include this line in your configuration.
When complete, save and close this file.
Start the PamManagement (Windows) or the pammanager (Linux) service and try your RADIUS two-factor authentication login.
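The following check is an added example, not part of XTAM or its documentation. It reads the text of catalina.properties before the service is restarted and reports RADIUS MFA settings that were pasted without being adjusted. The function names are hypothetical, and the example assumes the article's sample value "secret" is a placeholder and that the parenthetical options note is not meant to be part of the protocol value.

```python
# Protocol names are the options listed in the article above.
PROTOCOLS = {"PAP", "CHAP", "MSCHAPv1", "MSCHAPv2", "EAP-MD5", "EAP-MSCHAPv2"}
PREFIX = "cas.authn.mfa.radius."
REQUIRED = ("client.sharedSecret", "client.authenticationPort",
            "client.accountingPort", "client.inetAddress", "server.protocol")

def parse_properties(text):
    """Minimal key=value parser: skips blanks and #/! comments, last value wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_radius_mfa(text):
    """Return a list of problems found in the RADIUS MFA settings."""
    props, problems = parse_properties(text), []
    if props.get("cas.authn.mfa.globalProviderId") != "mfa-radius":
        problems.append("globalProviderId is not mfa-radius")
    for name in REQUIRED:
        if not props.get(PREFIX + name):
            problems.append("missing " + PREFIX + name)
    if props.get(PREFIX + "client.sharedSecret") == "secret":
        problems.append("sharedSecret is still the placeholder value")
    for name in ("client.authenticationPort", "client.accountingPort"):
        value = props.get(PREFIX + name)
        if value and not (value.isdecimal() and 0 < int(value) < 65536):
            problems.append(name + " is not a valid port: " + value)
    proto = props.get(PREFIX + "server.protocol")
    if proto and proto not in PROTOCOLS:
        problems.append("server.protocol is not a listed option: " + proto)
    return problems

# Constructed sample: options note pasted in, shared secret left unchanged.
SAMPLE = """\
cas.authn.mfa.globalProviderId=mfa-radius
cas.authn.mfa.radius.client.sharedSecret=secret
cas.authn.mfa.radius.client.authenticationPort=1812
cas.authn.mfa.radius.client.accountingPort=1813
cas.authn.mfa.radius.client.inetAddress=localhost
cas.authn.mfa.radius.server.protocol=CHAP (options include PAP, CHAP)
"""
if __name__ == "__main__":
    for problem in check_radius_mfa(SAMPLE):
        print("WARN:", problem)
```

To check a real installation, pass the contents of <XTAM_HOME>/web/conf/catalina.properties to check_radius_mfa() in place of the constructed sample.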