(Current Version Version 3.50e May 25, 2022 )
The AXL RADIUS Server API (application programming interface) is a complete implementation of the RADIUS protocol as described by the IETF (Internet Engineering Task Force) in several RFC’s (Requests for Comment).
Note: although V4 of the server has been released V3 will be available for quite some time for those who prefer the older API. Applicable internal improvements will be applied to V3 to keep it up to date with updated and new RFC’s.
Requires JDK 8 or greater.
RADIUS (Remote Authentication Dial In User Service) is a standard protocol for authentication, authorization, and accounting that is widely used throughout the industry. The AXL Server API is compatible with RFC compliant RADIUS servers. And flexible enough to play well with many non-compliant clients!
What it can do for you: It is a full RADIUS server that can authenticate, account, and proxy. The programming interface allows you to perform authentication and accounting methods using any method by which Java can access the world, databases, LDAP, flat files, URL’s. Think of it as an application server with the authentication, accounting, and proxy systems as handlers. Like application servers the handlers provide wide access to the server, the packets, and in the case of the authentication handler to many authentication methods.
There are methods to perform the mechanics of authentication (PAP, CHAP, MS-CHAP, LEAP, etc.) but you must write code that implements policy on which authentication method to use and what attributes to return.
What it does not do for you: It is not a turn key server. It is a programming interface to a RADIUS server. While it performs all the functions of a RADIUS server it does not configure itself from files or databases, it has no knowledge of who may log on, and no control over policy concerns.
You must provide programming to read configuration files or databases to populate the client tables, forwarding server tables, and configure the server itself (like port, address, and server name). You must provide code to handle authentication, authentication policy, and accounting.
A simple RADIUS server example is provided to illustrate how you might configure and run the AXL RADIUS Server API.
Get a demonstration version of the AXL RADIUS Server API.
- Includes a RADIUS client integrated into the server.
(A stand alone client can be purchased with the server)
- Separate accounting and authentication threads can be started independently.
- Extensive Vendor-Specific attribute support
- Vendor-Specific support is available for any VSA (Vendor Specific Attribute) for which there is a Livingston style dictionary
- Proxying fully supported
- Dynamic processing using your own classes for authentication, accounting, proxy, and client (NAS) control
- Dynamic proxying – route any packet anywhere based on policy or RADIUS packet attributes
- Built in authentication methods for PAP, CHAP, MSCHAP, MSCHAP V2, EAP-MD5, and LEAP, Digest (SIP/HTTP)
- RADIUS Session thread pool for faster processing
- Fast duplicate packet detection
- EAP-Message and Message-Authenticator support
- Dynamically adjustable packet sizes
- Extended Message Types: message types beyond Access-Request, Access-Accept, Access-Reject, Access-Challenge, Accounting-Request & Accounting-Response. Packet types like Password_Request, Change_Filters_Request, Accounting_Status and any other packet type are supported
- Not vulnerable to common RADIUS security buffer overflow problems reported by CERT (like those written in C/C++)
- SNMP is supported. SNMP V2 can be enabled or disabled
Programmers can send TRAP messages
- The RADIUS server is fully compliant with RFC 2865 (Authentication) and RFC 2866 (Accounting) and supports other RADIUS related RFC’s.
- Source code is well commented
- Disconnect & Change of Authorization messages are supported in the client and server as described in RFC 3576 ‘Dynamic Authorization Extensions to RADIUS’
- Long tag support for Vendor-Specific attributes (e.g. Ascend). Both the traditional 8 bit attribute tags and 16 bit tags are supported
- RADIUS dictionaries are supported and used by the server (currently the FreeRadius format is supported). You can create your own internal dictionaries with whatever Vendor support you need to use or distribute
- Works with IPV4 and IPV6