- authorize to RADIUS using an OIDC connection.
- the password is synced with the access token (if the token has expired, the password has expired too)
- during token refresh, the password is updated.
- the password can be used only once
- build and run keycloak (select one of the installation options)

1.1 docker installation

```bash
docker run -p 8090:8080 -p 8190:8190 -p1812:1812/udp -p1813:1813/udp -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e DEBUG=true -e DEBUG_PORT=*:8190 -v `pwd`/.:/example -e KEYCLOAK_ADMIN_IMPORT=/example/Realm.json vassio/keycloak-radius-plugin start-dev
```

1.2 release installation

- download and unzip keycloak-radius.zip (https://github.com/vzakharchenko/keycloak-radius-plugin/releases)

```bash
unzip keycloak-radius.zip -d keycloak-radius
cd keycloak-radius
sh bin/standalone.sh -Dkeycloak.profile.feature.upload_scripts=enabled -c standalone.xml -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0 --debug 8190 -Djboss.http.port=8090
```

1.3 develop installation

```bash
sudo apt-get install net-tools # Only once
cd keycloak
./init.sh # Only once
./buildAndStart.sh
```

- open http://localhost:8090/auth/ and initialize master realm with login/password.
- open Administration Console
- import realm from file Realm.json
- add User test/test for realm oneTimePassword
- install example

```bash
cd Examples/OneTimePasswordJSExample
npm i
node server.js
```

- open http://localhost:3000/
- type the login and password (test/test)
- click the "connect To Radius Server" button
- first click - "SUCCESS"
- all other clicks - "REJECT"
- If you wait 5 mins - "REJECT"
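
The rules at the top of this page (password tied to the access token's lifetime, replaced on refresh, valid once) and the SUCCESS/REJECT sequence above, modelled in JavaScript as an added example. It is not code from the plugin or from this example project; the class and function names, the in-memory store, and the 5-minute token lifetime are assumptions made for illustration.

```javascript
// Added illustration, not the keycloak-radius-plugin implementation; all names are hypothetical.
const crypto = require('crypto');

const TOKEN_LIFETIME_MS = 5 * 60 * 1000; // assumption: 5-minute access token

function sha256(text) {
  return crypto.createHash('sha256').update(text).digest();
}

class OneTimePasswordStore {
  constructor(now = () => Date.now()) {
    this.now = now;             // injectable clock so expiry can be exercised
    this.sessions = new Map();  // username -> { hash, expiresAt, used }
  }

  // On token issue or refresh: a fresh password replaces the old one and shares the token expiry.
  issue(username) {
    const password = crypto.randomBytes(16).toString('hex');
    this.sessions.set(username, {
      hash: sha256(password),   // keep only a digest of the password
      expiresAt: this.now() + TOKEN_LIFETIME_MS,
      used: false,
    });
    return password;
  }

  // For each RADIUS Access-Request: returns 'SUCCESS' or 'REJECT'.
  verify(username, password) {
    const s = this.sessions.get(username);
    if (!s || s.used || this.now() >= s.expiresAt) return 'REJECT';
    const candidate = sha256(String(password));
    if (!crypto.timingSafeEqual(candidate, s.hash)) return 'REJECT';
    s.used = true;              // burn the password on first successful use
    return 'SUCCESS';
  }
}

// Replays the clicks from the steps above against a fake clock.
function demo() {
  let t = 0;
  const store = new OneTimePasswordStore(() => t);
  const first = store.issue('test');
  const results = [store.verify('test', first), store.verify('test', first)];
  const second = store.issue('test');          // token refresh: new password
  results.push(store.verify('test', first));   // previous password is gone
  t += TOKEN_LIFETIME_MS;                      // wait 5 minutes
  results.push(store.verify('test', second));  // expired together with the token
  return results;
}
```

A wrong guess does not consume the password in this model; only a successful match marks it as used.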