[Solved] RADIUS User Login Timeout

Unimus support forum
Post Reply
jlhuston
Posts: 3
Joined: Tue Jul 12, 2022 5:17 pm

Tue Jul 12, 2022 5:22 pm

We have integrated multi-factor authentication with our RADIUS solution. When using RADIUS to authenticate a user logging in to our Unimus web frontend, it times out too quickly for the user to reliably respond to the MFA prompt on their mobile device.

Is there a way to increase the timeout for RADIUS user authentication?
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Tue Jul 12, 2022 5:44 pm

Sure thing, this timeout can be extended. Let me start with linking our Wiki on changing default timeouts

https://wiki.unimus.net/display/UNPUB/C ... t+timeouts

in this case, you are interested in the unimus.server.aaa.radius-timeout timeout. A good starting value which should provide just enough time, is 30 seconds (30000 ms)

-Dunimus.server.aaa.radius-timeout=30000

and, of course, you can adjust it however you see fit.

You can follow the link above on how to add them to the Unimus configuration file, but just as a note, you don't have to add those in the examples as well, just this one. After you adjust it, please restart Unimus service.

Give it a try and let me know if it helped.
jlhuston
Posts: 3
Joined: Tue Jul 12, 2022 5:17 pm

Tue Jul 12, 2022 6:52 pm

Well, it does and it doesn't (or at least, it seems to have an unintended side effect).

I set it to 30000ms, as you suggested and there was plenty of time to respond to the MFA prompt. However, after completing the MFA challenge, the UI then waited an additional 30 seconds before it moved into the Dashboard.

I then changed it to 10000ms and, after completing the MFA challenge, the UI then waited 10 seconds before moving to the Dashboard. This seems to match up with the timeout delay.

So, on the one hand, it works to give me the time to respond to the challenge. On the other, though, it seems to add in the same timeout as a delay before proceeding to the Dashboard.

I'm running version 2.2.3, by the way.
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Tue Jul 12, 2022 7:07 pm

The reason you see this is caused by RADIUS either blocking or not responding to Radius Accounting Request, which is the second part of the process of authorization (and accounting) against a RADIUS server

Here's a link to our Wiki, including the explanation of the Radius Accounting Request, and why Unimus is waiting for the duration of the set timeout and what it does even if this specific request is not responded to

https://wiki.unimus.net/display/UNPUB/System+login
jlhuston
Posts: 3
Joined: Tue Jul 12, 2022 5:17 pm

Tue Jul 12, 2022 7:13 pm

Wow, two for you. We use a different accounting system and I forgot to add the Unimus server as a client there. Once I added that in and accounting packets were able to succeed, sign in had no delay.

Appreciate the assistance, Vik!
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Tue Jul 12, 2022 7:37 pm

And right back at you, great catch. ;)
Post Reply