You are viewing an old version of this page. View the current version.
Parallels Remote Access Server RADIUS Configuration
To configure Radius properties:
- In the Parallels RAS Console, navigate to the Connection > Second Level Authentication tab.
- In the Provider drop-down list, select Radius.
- Click the Settings button. The Radius Properties dialog opens.
- 823pxIn the Server field, enter the hostname or IP address of the Radius Server. (see inWebo RADIUS server list)
- In the Port field, enter the port number for the Radius Server. (1812)
- In the Timeout field, specify the packet timeout in seconds.
- In the Retries field, specify the number of retries when attempting to establish a connection.
- For inWebo the Radius authentication time (Timeout*(Retries+1)) should be below the 30s duration of an OTP
- Type the Secret Key and specify the Password Encoding as PAP (Password Authentication Protocol)
- Click OK when done.
- Click the Check connection button to validate the connection. If the connection is configured correctly, you will see a confirmation message.
- In the Value field, enter the value for the selected attribute type (numeric, string, IP address, date, etc).
About ‘push’ RADIUS mode
if you are using the 'push' radius mode (notification sent to the user's smartphone), the global response time must be long enough to allow the user to authenticate with his smartphone.
A "Radius Authentication time" of 60 seconds is recommended. (timeout 60 / 1 Retries)
inWebo RADIUS servers
Fill the indication for your first inWebo radius authentication server ex:radius1.myinwebo.com
inWebo Radius server addresses you can add:
- Primaryradius1.myinwebo.com(184.108.40.206) and secondaryradius1b.myinwebo.com(220.127.116.11), port number: UDP 1812
- Primaryradius2.myinwebo.com(18.104.22.168) and secondaryradius2b.myinwebo.com (22.214.171.124), port number: UDP 1812
- Primaryradius3.myinwebo.com (126.96.36.199) and secondaryradius3b.myinwebo.com (188.8.131.52), port number: UDP 1812
- Primaryradius4.myinwebo.com(184.108.40.206) and secondaryradius4b.myinwebo.com (220.127.116.11), port number: UDP 1812
InWebo RADIUS configuration
You can create your own inWebo account at inWebo Signup page. This will give you access to you inWebo Administration Console.
- Once connected, go to Secure Sites tab > CONNECTORS section.
- Select “Add a connector of type…”, and choose “Radius” or “Radius Push” :
- The popup below will appear. Enter the External URL of to reach your Parallels Remote Application Server, along with the RADIUS secret you have defined earlier:
- Click “Add/update”
Creating a new secure site for your portal page
In the "Secure Sites" tab of your inWebo Administration Console, "Add a Secure Site of type..." > Radius
Fill the site properties with the following information:
- Called URL: https://***webaddress***/RASHTML5Gateway
- Authentication page: //10.0.0.244/RASHTML5Gateway
- Wildcard used in path >Yes<
- Form name : loginForm
- Login field name : email
- Password field name : inWebOTP
You have to activate the Browser token to create the Bookmark Alias
Basic Virtual authenticator integration the HTML 5 Parallels portal
Modifying the index page
file location: Open ProgramFiles/Parallels/.../RASHTML5Gateway/www/index.html in a text editor.
Lines to Add in the <HEAD> section:
Lines to Add in the BODY section:
Change the data-alias information to match the alias given for in the Secure site created for this page.
Modifying the "tpl-login" script
Find and modify the script with id="tpl-login"" as below
Authenticating with a portal modified with Virtual Authenticator
The portal will automatically display the inWebo authentication frame
- Once authenticated with a PIN code the inWebo frame will fill automatically the UPN(user@domain) and generate the OTP
- Verify that the inWebo login match the correct UPN
Warning: only a registered Device and a correct PIN code can generate the right OTP for a specific service.
- Fill the Windows password and copy the generated OTP before proceeding the “Login” button.
- Paste the OTP and push OK to access you content.
Authenticating in RADIUS "PUSH" mode
When using a RADIUS PUSH secure site as authentication process, there is no modification to the company portal,
- The user just need to type a random character chain for the OTP request
* This request is sent to our platform which ask your PIN code on the user's phone to accept the RADIUS authentication.
Once the authentication validated the RADIUS authentication is accepted.
Authenticating with Parallels Client on Windows environment
Warning: The username should be in UPN format and correspond to inWebo login to accept the RADIUS authentication.
In RADIUS "Push" mode
For RADIUS push the user just need to type a random character chain for the OTP request,
As above this request is sent to our platform which ask your PIN code on the user's phone to accept the RADIUS authentication.
- No labels