
System Flow Example: RADIUS

Note

This article explains the internal flow of an authentication request made by a firewall, typically a VPN login. Please note that this is a logical explanation; no configuration is covered here.

System setup

The system is set up to listen for authentication requests from a defined firewall on port 1812. A single PhenixID server node will handle all authentication.

Apart from the default modules, the RADIUS module is deployed in order to communicate with the firewall.

Request - Response

The firewall sends a request to the PhenixID server asking it to authenticate the user. The request contains the user name and password that the user provided. The RADIUS module accepts the request and translates it from the RADIUS format to an internal format. Since no data validation or user authentication is done in the RADIUS module, the translated request is put on the event/message bus, addressed to the "data manipulation" module, PIPES (com.phenixidentity~phenix-pipes).

Once the request is put on the event bus, the RADIUS module is ready to serve the next external request from any client.

The PIPES module receives the translated request and handles it according to the current configuration. At the end of execution, the PIPES module responds to the requestor with OK/NO OK depending on the outcome. Additional data may also be added to the response. The response is most often sent back to the original requestor, the firewall in this case.

The RADIUS module interprets the response from the PIPES module and acts accordingly, sending accept/reject to the firewall in this case.

flowchart LR
    subgraph Request
        direction TB
        RequestParameters["Key - Value
        Key - Value
        Key - Value"]
    end
    subgraph Pipe
        direction LR
        subgraph Valves
            Valve1[Valve] --> Valve2[Valve]
            Valve2 --> Valve3[Valve]
            Valve3 --> Valve4[Valve]
        end
        subgraph PipeFlow[Flow]
            direction TB
            PipeFlowContext[Context]
        end
        Valve1 -.-> PipeFlow
        Valve2 -.-> PipeFlow
        Valve3 -.-> PipeFlow
        Valve4 -.-> PipeFlow
    end
    subgraph Response
        direction TB
        subgraph ResponseItems
            direction TB
            subgraph Item1[ID]
                Item1Properties["Key - Value
                Key - Value
                Key - Value"]
            end
            subgraph Item2[ID]
                Item2Properties["Key - Value
                Key - Value
                Key - Value"]
            end
            Item1 -.- Item2
        end
    end
    Request --> Pipe
    Pipe --> Response
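
The flow above as a simplified Python model. This is an added example and not PhenixID code. It shows that the RADIUS front end only translates and relays, that the pipe makes the decision, and that anything other than an explicit OK becomes a reject. The function names, shared secret, user store and sample packet are constructed assumptions; the packet layout and User-Password hiding follow RFC 2865.

```python
import hashlib, hmac

SECRET, USERS = b"constructed-secret", {"alice": b"correct horse"}  # constructed samples
NAMES = {1: "User-Name", 2: "User-Password"}  # RFC 2865 attribute types

def password_xor(data, authenticator, decrypt):  # RFC 2865 section 5.2 hiding
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(SECRET + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out, prev = out + res, (data[i:i + 16] if decrypt else res)
    return out

def translate(packet):
    """RADIUS module: wire format to internal key/value request, no decision here."""
    if len(packet) < 20 or packet[0] != 1 or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request, pos = {"id": packet[1], "authenticator": packet[4:20]}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1] if pos + 1 < len(packet) else 0
        if not 2 <= alen <= len(packet) - pos:
            raise ValueError("bad attribute length")
        request[NAMES.get(atype, f"attr-{atype}")] = packet[pos + 2:pos + alen]
        pos += alen
    return request

def valve_password(request, context):
    """Hypothetical valve: check the password, record the user in the flow context."""
    clear = password_xor(request["User-Password"], request["authenticator"], True)
    user = context["user"] = request["User-Name"].decode()
    return user in USERS and hmac.compare_digest(clear.rstrip(b"\0"), USERS[user])

def run_pipe(valves, request):
    """PIPES: valves run in order over one shared context; any failure is NO OK."""
    context = {}
    try:
        ok = bool(valves) and all(valve(request, context) for valve in valves)
    except Exception:
        ok = False
    return {"ok": ok, "items": [{"id": context.get("user")}] if ok else []}

def radius_reply(request, response):
    """RADIUS module: only an explicit OK becomes Access-Accept (2), else Reject (3)."""
    head = bytes([2 if response.get("ok") is True else 3, request["id"], 0, 20])
    return head + hashlib.md5(head + request["authenticator"] + SECRET).digest()

def sample_request(user, password, auth=bytes(range(16))):  # constructed packet, id 7
    hidden = password_xor(password + b"\0" * (-len(password) % 16), auth, False)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    return bytes([1, 7]) + (20 + len(attrs)).to_bytes(2, "big") + auth + attrs
```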