Types of Authentication Plug-Ins
You can configure the authentication plug-ins described in Table 1. Because authentication and authorization are similar, the plug-in user interface does not distinguish between them. However, when you configure plug-ins, you need to set them up to perform the correct behavior, either authentication or authorization.
You can configure multiple authentication plug-ins. The plug-ins are called in an arbitrary order, and each plug-in can return authorization values. (If multiple plug-ins return a session-timeout value, the smallest value is used.) Authentication or authorization succeeds if all plug-in calls succeed.
Table 1: Authentication Plug-Ins
Basic RADIUS authentication
Sends authentication information to an external RADIUS authentication server or a group of redundant servers.
Java class name—net.juniper.smgt.sae.plugin.RadiusAuthPluginEventListener
Custom RADIUS authentication
Provides customized functions that can also be found in the flexible RADIUS authentication plug-ins. Custom plug-ins are internal plug-ins that are designed to deliver better system performance than the flexible RADIUS plug-ins. You can extend this plug-in by using the RADIUS client library.
Java class name—net.juniper.smgt.sae.plugin.CustomRadiusAuth
Flexible RADIUS authentication
Performs the same functions as the basic RADIUS authentication plug-in, but also lets you customize RADIUS authentication packets that the SAE sends to RADIUS servers. You can specify which fields are included in RADIUS authentication packets and what information is contained in the fields.
Java class name—net.juniper.smgt.sae.plugin.FlexibleRadiusAuthPluginEventListener
Performs authentication against different directories using different authentication methods. There are two LDAP authentication plug-ins: one authenticates subscribers, and the second authenticates SRC administrators so that they can access the SAE Web Admin application.
Java class name of the subscriber authentication plug-in—net.juniper.smgt.sae.plugin.LdapAuthenticator
Java class name of the administrator authentication plug-in—net.juniper.smgt.sae.plugin.adminLdap
Limits the number of authenticated subscribers who connect to an IP interface on the router.
Java class name—net.juniper.smgt.sae.plugin.LimitNumSubscriberPerIntfAuthPluginListener