HYPR Documentation Portal

HYPR is the leading provider of True Passwordless Security with millions of users deployed across the Global 2000.

Shared secrets are the #1 cause of enterprise breaches, fraud and phishing attacks.

HYPR is the first Authentication Platform designed to eliminate passwords and shared secrets - effectively removing the hackers’ primary target while eliminating fraud, phishing and credential reuse for consumers and employees across the enterprise.

Setting up the RADIUS Server

The HYPR RADIUS server is created to facilitate authentication via the RADIUS protocol. The server software is a Java spring boot microservice that runs on port 9077.

Prerequisites

  1. Acquire a REDHAT or CENTOS 7+ server or virtual machine, port 9077 should be accessible

  2. Acquire RADIUS WAR file from artifactory - 3.6.0 war file location (restricted to HYPR Customer Solutions): https://r.hypr.com/artifactory/hypr-maven-dev/com/hypr/server/radius-server/3.6.0/radius-server-3.6.0.war

  3. Copy the RADIUS WAR file into the /opt/hypr directory

  4. Acquire and copy the RADIUS shell script called radius.sh and put it into the /opt/hypr directory

  5. Ensure that you have a running VAULT server

  6. Ensure that you have configured a VAULT namespace

  7. Ensure that you have a valid VAULT token

  8. Ensure that you are on HYPR Server 3.7 or higher

Startup Instructions

Follow the below instructions on how to deploy and configure the RADIUS server

  1. Go to the /opt/hypr directory on your server
  1. Start the RADIUS server by running ./radius.sh on the command line (located in HYPRRadiusServer->run folder)
  1. Enter the VAULT URL
  1. Enter the VAULT Token
  1. Enter the VAULT namespace
  1. Verify that the startup has completed
  1. Navigate to http://<your_host>:9077/radius/settings or if you have NGINX or a reverse proxy configured, just go to https://<your_host>/radius/settings
  1. Enter the provided configuration key and move to the “Configuration Settings” instructions below!

Configuration Settings

  1. Set the Local RADIUS Domain to 127.0.0.1 - This is used to verify that the RADIUS server is running properly.
  2. Set the local RADIUS secret for testing the RADIUS server. This should be a String value.
  1. Set the IP Addresses and the SECRETS of the clients that you expect to connect to this RADIUS server. The RADIUS server can support multiple clients such as VPN, VDI, and SSH PAM modules with individual secret values.
  1. Set the RADIUS timeout, this should “60000” which is 60 seconds.
  1. Set the HYPR Relying Party URL - This should be the URL of your HYPR server that you have been given or deployed yourself.
  1. Set the HYPR Relying Party App ID - This should be the app you configured in your HYPR FIDO Control Center.

  2. Set the proxy configuration if you require a proxy to communicate from the RADIUS server to the HYPR Server itself.

  1. Click Submit and Restart to submit the information and restart the RADIUS server. You should see a confirmation message once the server is restarted.

Validating RADIUS Functions

The HYPR RADIUS server comes with a local RADIUS client that is web based and can be used to test the RADIUS server functionality with the configured RP. Follow these instructions to make sure that the RADIUS server is successfully authenticating users.

  1. Go to the RADIUS server login page at https://<host_url>/radius/login on your browser

  2. Put in the username of a previously registered user with the relying party and app ID

  1. Authenticate on your mobile when you receive the PUSH notification
  1. See that the authentication is completed on your browser

This will confirm that your local RADIUS client is working. This RADIUS client uses the 127.0.0.1 Client IP address that’s configured earlier and the local RADIUS secret as well.

What’s Next?

Next up you should deploy your own RADIUS clients and configure your RADIUS server to work with those clients on the settings screen.

Updated 9 months ago

Setting up the RADIUS Server


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.