After updating the trace settings, you have to define RADIUS configuration parameters in the
web.xml file.
The
web.xml file is typically located in the
<MFT Install>/server/webapps/cfcc/WEB-INF/web.xml directory. To configure RADIUS authentication, you must add the following parameters to the
web.xml file. These parameters should be placed with the other
context-param parameters before the
filter parameters.
See
Sample web.xml RADIUS Parameters for sample RADIUS
web.xml parameters.
Web.xml Parameter
|
Description
|
RADIUS-Enabled
|
Defines whether RADIUS authentication is enabled or disabled.
The valid values are as follows:
- True: RADIUS authentication is enabled and will replace MFT user ID and password authentication.
- False: RADIUS authentication is disabled. Standard MFT user ID and password authentication will be used. This is the default value.
|
RADIUS-PrimarySecret
|
Defines the primary RADIUS encrypted secret.
Note: This parameter is set by executing the
dbsettings utility and must be set before performing RADIUS authentication. It cannot be set manually.
|
RADIUS-PrimaryHost
|
Defines the IP address or IP name of the primary RADIUS server.
This parameter is required if RADIUS authentication is enabled.
|
RADIUS-PrimaryPort
|
Defines the IP port of the primary RADIUS server.
This parameter is required if RADIUS authentication is enabled.
|
RADIUS-PrimaryAdapterIP
|
Defines the IP address that will be used when communicating with the primary RADIUS server.
The default value of
0.0.0.0 indicates accepting responses over any adapter.
|
RADIUS-BackupSecret
|
Defines the backup RADIUS encrypted secret.
This parameter is required only if you want to communicate to a backup RADIUS server.
Note: This parameter is set by executing the
dbsettings utility and must be set before performing RADIUS authentication. It cannot be set manually.
|
RADIUS-BackupHost
|
Defines the IP address or IP name of the backup RADIUS server.
This parameter is required only if you want to communicate to a backup RADIUS server.
|
RADIUS-BackupPort
|
Defines the IP port of the backup RADIUS server.
This parameter is required only if you want to communicate to a backup RADIUS server.
|
RADIUS-BackupAdapterIP
|
Defines the IP address that will be used when communicating with the backup RADIUS server.
The default value of
0.0.0.0 indicates accepting responses over any adapter.
|
RADIUS-Synchronous
|
Defines whether communication to primary and backup RADIUS servers is synchronous or asynchronous.
The valid values are as follows:
- True: RADIUS authentication is synchronous. Communication to the RADIUS backup host will only be performed if communication to the RADIUS primary host times out.
- False: RADIUS authentication is asynchronous. Requests will be made to both RADIUS primary host and RADIUS backup host at the same time. MFT will use the first response that is received. This parameter is ignored if a RADIUS backup server is not defined.
|
RADIUS-Timeout
|
Defines the number of seconds the RADIUS client will wait for a response from the RADIUS server before the request times out and fails.
|
RADIUS-SpecialUsers
|
Defines the users that will be authenticated using standard MFT authentication in the event that RADIUS authentication fails.
You can define one or more MFT users separated by a semicolon.
|