CLIENTS – RADIUS (tab)


The CLIENTS > RADIUS tab page shows RADIUS-specific settings.

This tab is available only for RADIUS clients.


Table: CLIENTS – RADIUS tab
Field name | Description

Shared Secret

The RADIUS shared secret between OneSpan Authentication Server and the RADIUS client.

Confirm Shared Secret

Allows confirmation of a new shared secret.

Character Encoding

Encoding/locale format required by the RADIUS server.

If your RADIUS server requires the password field in an encoding/locale format other than UTF-8, set this field so that all RADIUS packets are converted accordingly; otherwise, authentication requests will be rejected. In most environments, all hosts use the same encoding format; in that case, set the encoding type to @LOCALE@. Otherwise, set the character encoding to the required format, e.g. CP850.

Default setting: UTF-8

Message-Authenticator Validation

This setting determines whether OneSpan Authentication Server strictly validates the Message-Authenticator attribute in all Access-Request packets received from the client component (according to RFC 2869).

The Message-Authenticator attribute is used to sign access requests to prevent request spoofing. If OneSpan Authentication Server receives an Access-Request packet with a Message-Authenticator attribute, it calculates the correct value for the attribute and discards the packet if the calculated value does not match the value sent.

This attribute validation helps to mitigate a forgery vulnerability in the RADIUS protocol commonly referred to as Blast-RADIUS (see www.blastradius.fail). You should enable this setting whenever possible.

Note that OneSpan Authentication Server always includes Message-Authenticator attributes in all outgoing Access response packets.

Default setting: Enabled

The syntax and rules for configuring character encoding for RADIUS servers also apply here (see BACK-END – RADIUS (tab)).
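
The check described under Message-Authenticator Validation, sketched in Python as an added example (not OneSpan code): the expected value is HMAC-MD5, keyed with the shared secret, over the Access-Request with the attribute's value set to zero, as RFC 2869 defines. The function names, the `strict` flag (assumed here to mean that requests lacking the attribute are also discarded) and the sample packet builder are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869


def find_message_authenticator(packet: bytes):
    """Return the offset of the attribute's 16-byte value, or None if absent."""
    pos = 20  # code(1) + identifier(1) + length(2) + Request Authenticator(16)
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        if packet[pos] == MESSAGE_AUTHENTICATOR:
            if packet[pos + 1] != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += packet[pos + 1]
    return None


def validate_access_request(packet: bytes, secret: bytes, strict: bool = True) -> bool:
    """Return True if the request may be processed, False if it must be discarded."""
    length = int.from_bytes(packet[2:4], "big") if len(packet) >= 20 else 0
    if length < 20 or length > len(packet) or packet[0] != ACCESS_REQUEST:
        return False
    packet = packet[:length]  # octets beyond the declared length are padding
    try:
        offset = find_message_authenticator(packet)
    except ValueError:
        return False
    if offset is None:
        return not strict  # assumption: strict validation requires the attribute
    # HMAC-MD5 over the whole packet with the attribute value set to 16 zero octets
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[offset:offset + 16], expected)


def build_request(secret: bytes, user: bytes, sign: bool = True) -> bytes:
    """Build a constructed sample Access-Request (fixed Request Authenticator)."""
    attrs = bytes([1, 2 + len(user)]) + user  # User-Name
    if sign:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
    if sign:  # the attribute is last, so its value is the final 16 octets
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt
```

A packet altered after signing, a packet signed with a different shared secret, and (in strict mode) a packet without the attribute all return `False`.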