We have integrated multi-factor authentication with our RADIUS solution. When using RADIUS to authenticate a user logging in to our Unimus web frontend, it times out too quickly for the user to reliably respond to the MFA prompt on their mobile device.
Is there a way to increase the timeout for RADIUS user authentication?
[Solved] RADIUS User Login Timeout
-
- Posts: 198
- Joined: Thu Aug 05, 2021 6:35 pm
Sure thing, this timeout can be extended. Let me start with linking our Wiki on changing default timeouts
https://wiki.unimus.net/display/UNPUB/C ... t+timeouts
in this case, you are interested in the unimus.server.aaa.radius-timeout timeout. A good starting value which should provide just enough time, is 30 seconds (30000 ms)
-Dunimus.server.aaa.radius-timeout=30000
and, of course, you can adjust it however you see fit.
You can follow the link above on how to add them to the Unimus configuration file, but just as a note, you don't have to add those in the examples as well, just this one. After you adjust it, please restart Unimus service.
Give it a try and let me know if it helped.
https://wiki.unimus.net/display/UNPUB/C ... t+timeouts
in this case, you are interested in the unimus.server.aaa.radius-timeout timeout. A good starting value which should provide just enough time, is 30 seconds (30000 ms)
-Dunimus.server.aaa.radius-timeout=30000
and, of course, you can adjust it however you see fit.
You can follow the link above on how to add them to the Unimus configuration file, but just as a note, you don't have to add those in the examples as well, just this one. After you adjust it, please restart Unimus service.
Give it a try and let me know if it helped.
Well, it does and it doesn't (or at least, it seems to have an unintended side effect).
I set it to 30000ms, as you suggested and there was plenty of time to respond to the MFA prompt. However, after completing the MFA challenge, the UI then waited an additional 30 seconds before it moved into the Dashboard.
I then changed it to 10000ms and, after completing the MFA challenge, the UI then waited 10 seconds before moving to the Dashboard. This seems to match up with the timeout delay.
So, on the one hand, it works to give me the time to respond to the challenge. On the other, though, it seems to add in the same timeout as a delay before proceeding to the Dashboard.
I'm running version 2.2.3, by the way.
I set it to 30000ms, as you suggested and there was plenty of time to respond to the MFA prompt. However, after completing the MFA challenge, the UI then waited an additional 30 seconds before it moved into the Dashboard.
I then changed it to 10000ms and, after completing the MFA challenge, the UI then waited 10 seconds before moving to the Dashboard. This seems to match up with the timeout delay.
So, on the one hand, it works to give me the time to respond to the challenge. On the other, though, it seems to add in the same timeout as a delay before proceeding to the Dashboard.
I'm running version 2.2.3, by the way.
-
- Posts: 198
- Joined: Thu Aug 05, 2021 6:35 pm
The reason you see this is caused by RADIUS either blocking or not responding to Radius Accounting Request, which is the second part of the process of authorization (and accounting) against a RADIUS server
Here's a link to our Wiki, including the explanation of the Radius Accounting Request, and why Unimus is waiting for the duration of the set timeout and what it does even if this specific request is not responded to
https://wiki.unimus.net/display/UNPUB/System+login
Here's a link to our Wiki, including the explanation of the Radius Accounting Request, and why Unimus is waiting for the duration of the set timeout and what it does even if this specific request is not responded to
https://wiki.unimus.net/display/UNPUB/System+login