Types of Authentication Plug-Ins

You can configure the authentication plug-ins described in Table 11. Because authentication and authorization are similar, the plug-in user interface does not distinguish between them. However, when you configure plug-ins, you need to set them up to perform the correct behavior, either authentication or authorization.

You can configure multiple authentication plug-ins. The plug-ins are called in an arbitrary order, and each plug-in can return authorization values. (If multiple plug-ins return a session-timeout value, the smallest value is used.) Authentication or authorization succeeds if all plug-in calls succeed.

Table 11: Authentication Plug-Ins

Plug-In

Description

Basic RADIUS authentication

Sends authentication information to an external RADIUS authentication server or a group of redundant servers.

Java class name—net.juniper.smgt.sae.plugin.RadiusAuthPluginEventListener

Custom RADIUS authentication

Provides customized functions that can also be found in the flexible RADIUS authentication plug-ins. Custom plug-ins are internal plug-ins that are designed to deliver better system performance than the flexible RADIUS plug-ins. You can extend this plug-in by using the RADIUS client library.

Java class name—net.juniper.smgt.sae.plugin.CustomRadiusAuth

Flexible RADIUS authentication

Performs the same functions as the basic RADIUS authentication plug-in, but also lets you customize RADIUS authentication packets that the SAE sends to RADIUS servers. You can specify which fields are included in RADIUS authentication packets and what information is contained in the fields.

Java class name—net.juniper.smgt.sae.plugin.FlexibleRadiusAuthPluginEventListener

LDAP authentication

Performs authentication against different directories using different authentication methods. There are two LDAP authentication plug-ins: one authenticates subscribers, and the second authenticates SRC administrators so that they can access the SAE Web Admin application.

Java class name of the subscriber authentication plug-in—net.juniper.smgt.sae.plugin.LdapAuthenticator

Java class name of the administrator authentication plug-in—net.juniper.smgt.sae.plugin.adminLdap

Limiting subscribers

Limits the number of authenticated subscribers who connect to an IP interface on the router.

Java class name—net.juniper.smgt.sae.plugin.LimitNumSubscriberPerIntfAuthPluginListener

Related Documentation