Related Documentation
- C Series
- Types of Internal Plug-Ins
- How Internal Plug-Ins Work
- Configuring Authentication Plug-Ins (SRC CLI)
- Limiting Subscribers on Router Interfaces (C-Web Interface)
- Configuring Basic RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring Flexible RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring Custom RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring LDAP Authentication Plug-Ins (C-Web Interface)
Types of Authentication Plug-Ins
You can configure the authentication plug-ins described in Table 1. Because authentication and authorization are similar, the plug-in user interface does not distinguish between them. However, when you configure plug-ins, you need to set them up to perform the correct behavior, either authentication or authorization.
You can configure multiple authentication plug-ins. The plug-ins are called in an arbitrary order, and each plug-in can return authorization values. (If multiple plug-ins return a session-timeout value, the smallest value is used.) Authentication or authorization succeeds if all plug-in calls succeed.
Table 1: Authentication Plug-Ins
Plug-In | Description |
|---|---|
Basic RADIUS authentication | Sends authentication information to an external RADIUS authentication server or a group of redundant servers. Java class name—net.juniper.smgt.sae.plugin.RadiusAuthPluginEventListener |
Custom RADIUS authentication | Provides customized functions that can also be found in the flexible RADIUS authentication plug-ins. Custom plug-ins are internal plug-ins that are designed to deliver better system performance than the flexible RADIUS plug-ins. You can extend this plug-in by using the RADIUS client library. Java class name—net.juniper.smgt.sae.plugin.CustomRadiusAuth |
Flexible RADIUS authentication | Performs the same functions as the basic RADIUS authentication plug-in, but also lets you customize RADIUS authentication packets that the SAE sends to RADIUS servers. You can specify which fields are included in RADIUS authentication packets and what information is contained in the fields. Java class name—net.juniper.smgt.sae.plugin.FlexibleRadiusAuthPluginEventListener |
LDAP authentication | Performs authentication against different directories using different authentication methods. There are two LDAP authentication plug-ins: one authenticates subscribers, and the second authenticates SRC administrators so that they can access the SAE Web Admin application. Java class name of the subscriber authentication plug-in—net.juniper.smgt.sae.plugin.LdapAuthenticator Java class name of the administrator authentication plug-in—net.juniper.smgt.sae.plugin.adminLdap |
Limiting subscribers | Limits the number of authenticated subscribers who connect to an IP interface on the router. Java class name—net.juniper.smgt.sae.plugin.LimitNumSubscriberPerIntfAuthPluginListener |
Related Documentation
- C Series
- Types of Internal Plug-Ins
- How Internal Plug-Ins Work
- Configuring Authentication Plug-Ins (SRC CLI)
- Limiting Subscribers on Router Interfaces (C-Web Interface)
- Configuring Basic RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring Flexible RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring Custom RADIUS Authentication Plug-Ins (C-Web Interface)
- Configuring LDAP Authentication Plug-Ins (C-Web Interface)
