Ceptor Docs

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Ceptor has support for a RADIUS Server and client that currently supports PAP authentication and accounting requests. CHAP and two-factor authentication is being tested at the moment, having user administration through the Ceptor user database.


  • Behavior can be controlled fully via scripts - can be used for deciding which MFA authentication factors to offer which users based upon any attributes in the incoming AccessRequest
  • Full Challenge support for prompting users in multiple steps.
  • No stickiness required - all instances can take part in a regular clustered Ceptor installation.
  • Full access to request/response package content, allowing scripts to manipulate full packet content, including all possible attributes.
  • Supports Multifactor (MFA) Authentication Methods, allowing user to choose between multiple methods, or allowing specific users / groups access to a subset based upon any attribute/user role etc.
  • Combined with Ceptor Authentication Plugins, supports advanced types of authentication, such as Azure MFA.
  • Built-in radius client supporting e.g. PAP, CHAP, MSCHAPv2 protocols for proxying requests to remote radius servers.
  • Shared secret configurable per client

Launcher Configuration

In order to get the RADIUS Server started the radius service should be configured in the ceptor_launch.xml. The radius server does not require its own JVM to run, so if the existing capacity can handle it, it could as an example be a service defined in the session controller classloader/JVM – for example like this: