HashiCorp Vault - RADIUS Configuration RSA Ready Implementation Guide
Originally Published: 2023-10-13

This section describes how to integrate HashiCorp Vault with RSA Cloud Authentication Service using RADIUS.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using RADIUS.

Procedure

  1. Sign in to RSA Cloud Administration Console and browse to Authentication Clients > RADIUS.
  2. Click Add RADIUS Client and Profiles.
  3. In the RADIUS Client section, provide the following details.
    1. Name: Name for your RADIUS client.
    2. Description (optional): A description for your RADIUS client.
    3. IP Address: The IP address of the machine on which HashiCorp Vault is installed.
    4. Shared Secret: The secret that you will configure in the HashiCorp Vault.
  4. Click the "Cloud Authentication Service only applies access policy for additional authentication" option.
  5. Select an Access Policy as applicable.
  6. Click Save and Next Step.
  7. Click Finish.

Notes:

  • Users must have a valid authentication method registered. To register an authentication method, access My Page and add the authentication method.
  • When signing in to Vault with RADIUS, provide the tokencode as the password for the username.

Configure HashiCorp Vault

Perform these steps to configure HashiCorp Vault.

Procedure

  1. Sign in to Vault with the root token that is set while starting the HashiCorp Vault server.
  2. In the left pane, click Access.
  3. Under Authentication Methods, click Enable new method.
  4. Select RADIUS under Infra, and click Next.
  5. Under Enable an Authentication Method, click Enable Method.
  6. Configure the RADIUS server by providing the following details.
    • Host: Server name or IP address of your RSA Identity Router.
    • Secret: Enter the RADIUS shared secret. It must match the secret entered in the RSA Cloud Administration Console.
    • Timeout: 60 seconds.
    • Server Authentication Port: 1812.
    • NAS Port: 10

Note:

To get the IP address of the Identity Router:

  1. Sign in to Cloud Administration Console, and go to Platform > Identity Routers.
  2. Expand the configured identity router and copy the value of Eth0 IP Address (Management).

In addition to the configuration made in the user interface, you can use the following endpoint to configure RADIUS.

  • Type: POST
  • Endpoint: http://127.0.0.1:8200/v1/auth/radius/config
  • Header: X-Vault-Token: <root token id>
  • Body: {"host": "ipaddress", "port": "1812", "secret": "secret"}
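
The same API call can be scripted so that the token and the shared secret come from the environment and a file instead of being typed into a request by hand. This is an added example, not part of the original guide and not RSA or HashiCorp code. VAULT_ADDR and VAULT_TOKEN are Vault's standard environment variables; RADIUS_SECRET_FILE, RSA_IDR_HOST and the function names are assumptions made for this example.

```python
import json
import os
import pathlib
import urllib.request
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def build_radius_config_request(vault_addr, token, host, secret, port=1812):
    """Build (without sending) the POST to /v1/auth/radius/config."""
    url = urlsplit(vault_addr)
    # The Vault token and the RADIUS shared secret both travel in this request,
    # so plain HTTP is accepted only on loopback, as in the page's 127.0.0.1 URL.
    if not (url.scheme == "https"
            or (url.scheme == "http" and url.hostname in LOOPBACK)):
        raise ValueError("use https:// for a non-loopback Vault address")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    # A stray newline from a secrets file makes the secret differ from the one
    # entered in the RSA console, and RADIUS logins then fail.
    if not secret or secret != secret.strip():
        raise ValueError("shared secret is empty or has surrounding whitespace")
    body = json.dumps({"host": host, "port": int(port), "secret": secret})
    return urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/auth/radius/config",
        data=body.encode(),
        method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
    )


def apply_radius_config(request, timeout=10):
    """Send the request and return the HTTP status code."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # RADIUS_SECRET_FILE and RSA_IDR_HOST are hypothetical variable names.
    secret = pathlib.Path(os.environ["RADIUS_SECRET_FILE"]).read_text().strip()
    req = build_radius_config_request(
        os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"],
        os.environ["RSA_IDR_HOST"], secret,
    )
    print(apply_radius_config(req))
```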

 

Configuration is complete.
