Documents in OpenOTP Radius Bridge

Radius Bridge

1. Product Documentation This document is a configuration guide for OpenOTP Radius Bridge (RB). The reader should notice that this document is not a guide for installing and configuring OpenOTP or WebADM. Specific application guides are available through the RCDevs documentation website. 2. Product Overview OpenOTP Radius Bridge provides the RADIUS RFC-2865 (Remote Authentication Dial-in User Service) API for OpenOTP Authentication Server. Standalone, the OpenOTP server provides SOAP/XML and JSON interfaces over HTTP and HTTPS.

Backup & Restore

1. Introduction This document is intended to provide administrators with the best practices for maintaining RCDevs WebADM and related applications (such as OpenOTP Authentication Server). The reader should notice that this document is not a guide for installing WebADM and its applications. Specific guides are available through the RCDevs online documentation library on RCDevs Website. WebADM installations and usage manuals are not covered by this guide and are documented in the RCDevs WebADM Installation Guide and WebADM Administrator’s Guide available in RCDevs website.

Migration Guide

1. Overview This document is a migration guide for RCDevs products between two servers. The installation is not covered by this guide. 2. Requirements You need a root access to the old server and the new server. Products you want to migrate should be installed on the new server. 3. RCDevs Products This section covers these products: WebADM (webadm) Radius Bridge (radiusd) LDAP Bridge (ldproxy) Directory Server (slapd) Publishing Proxy (waproxy) HSMHub Server (hsmhubd) You need to use only the command lines for products installed on your server.

Virtual Appliance

RCDevs Virtual Appliance Startup Guide The RCDevs VMware Appliance is a standard and minimal CentOS 7 (64Bit) Linux installation with the RCDevs software packages already installed with yum. The Appliance contains the following (already configured) components: WebADM Server (installed in /opt/webadm/). WebADM Web Services: OpenOTP, SMSHub, OpenSSO, SpanKey, TiQR (installed in /opt/webadm/websrvs/). WebADM WebApps: SelfDesk, SelfReg, PwReset, OpenID (installed in /opt/webadm/webapps/). OpenOTP Radius Bridge (installed in /opt/radiusd/). RCDevs Directory Server (OpenLDAP in /opt/slapd/).

pfSense & OpenOTP

How To Enable OpenOTP Authentication on pfSense This document explains how to enable OpenOTP authentication with Radius Bridge and pfSense. 1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do it. You have also to install our Radius Bridge product on your WebADM server(s). 2. Register your pfSense in RadiusBridge On your OpenOTP RadiusBridge server, edit the /opt/radiusd/conf/clients.

WLAN EAP Authentication Radius

1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do so. You have also to install our Radius Bridge product on your WebADM server(s). For authentication, you have two possible mechanisms. Username and password authentication using EAP-TTLS Certificate authentication using EAP-TLS (Supported from WebADM 1.6.8 & Radius Bridge 1.3.6) The WLAN protocol used does not support challenge-response, so only Login Mode LDAP or LDAP + Simple Push authentication is supported.

ASA SSL VPN

1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do it. You have also to install our Radius Bridge product on your WebADM server(s). 2. Register your ASA SSL VPN in RadiusBridge On your OpenOTP RadiusBridge server, edit the /opt/radiusd/conf/clients.conf and add a RADIUS client (with IP address and RADIUS secret) for your ASA SSL VPN server.

F5 BIG-IP APM

1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do it. You have also to install our Radius Bridge product on your WebADM server(s). 2. Register your F5 VPN in RadiusBridge On your OpenOTP RadiusBridge server, edit the /opt/radiusd/conf/clients.conf and add a RADIUS client (with IP address and RADIUS secret) for your F5 VPN server.

Radius Attributes

How To Send a Radius Attributes with WebADM For this How-To, we start with a WebADM and a Radius Bridge up and running. 1. Sending a LDAP Value We select the user in WebADM and we click on WebADM settings: None [CONFIGURE]: We select OpenOTP and scroll down to RADIUS Options, we check the box and click on Edit: We select an attribute from a dictionary. We check that Gandalf-Phone-Number-1 attribute is present in Radius Bridge:

Juniper-Pulse

How To Enable OpenOTP Authentication On Juniper-Pulse Secure This document explains how to enable OpenOTP authentication with Radius Bridge and Juniper SSL VPN. 1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do it. You have also to install our Radius Bridge product on your WebADM server(s). 2. Register Your Juniper VPN In RadiusBridge On your OpenOTP RadiusBridge server, edit the /opt/radiusd/conf/clients.

Palo Alto

How To Enable OpenOTP Authentication in Palo Alto SSL VPN This document explains how to enable OpenOTP authentication in Palo Alto SSL VPN. 1. Register your Palo Alto VPN in RadiusBridge On your OpenOTP RadiusBridge server, edit the /opt/radiusd/conf/clients.conf and add a RADIUS client (with IP address and RADIUS secret) for your Palo Alto VPN server. Example: client <VPN Server IP> { secret = testing123 shortname = PaloAlto-VPN } 2.

NetIQ

1. WebADM/OpenOTP/Radius Bridge For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual to do it. 2. NetIQ Installation and Initial Configuration We used the NetIQ appliance version 4.3 downloaded from the Microfocus website (trial version). ISO file name: AM_43_AccessManagerAppliance_Eval-0831.iso It’s SUSE Linux: netiqam:~ # cat /etc/SuSE-release SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 4 NetIQ Access Manager Appliance 4.