Mikrotik Keycloak Radius Plugin
- Mikrotik implementation for Keycloak Radius Plugin
features:
- Hotspot :
- PPP
- pap,chap, mschapv2 authorization
support services: hotspot, login, ppp
Mikrotik Login Example (Radius Server)
- create ${KEYCLOAK_PATH}/config/radius.config
{
{
"sharedSecret":"TEST",
"authPort":1812,
"accountPort":1813,
"useUdpRadius":true,
"radsec":{
"privateKey":"config/private.key",
"certificate":"config/public.crt",
"useRadSec":false
}
}
- create “mikrotik_login” Realm
![createRealm](/keycloak-radius-plugin/docs/createRealm.png)
- create “radius” client
![radiusClient](/keycloak-radius-plugin/docs/radiusClient.png)
- create role “MIKROTIK-ADMIN”
![createAdminRole](/keycloak-radius-plugin/docs/createAdminRole.png)
- assign radius attribute “Mikrotik-Group”=”full” to Role “MIKROTIK-ADMIN”
![addAttribute](/keycloak-radius-plugin/docs/addAttribute.png)
- create “testUser” User
![addTestUser](/keycloak-radius-plugin/docs/addTestUser.png)
- set Password “test” for User. uncheck “Temporary”
![SetPassword](/keycloak-radius-plugin/docs/SetPassword.png)
- assign Role “MIKROTIK-ADMIN” to “testUser”
![AssignRole](/keycloak-radius-plugin/docs/AssignRole.png)
- set Action “Update Radius Password” (or send this event to user be email)
![updateRadiusPassword](/keycloak-radius-plugin/docs/updateRadiusPassword.png)
- Impersonate user
![Impersonate](/keycloak-radius-plugin/docs/Impersonate.png)
- Sign-out
![SignOut](/keycloak-radius-plugin/docs/SignOut.png)
- Login with testUser:test
![loginNewUser](/keycloak-radius-plugin/docs/loginNewUser.png)
- Set Radius User Password
![RadiusUserPassword](/keycloak-radius-plugin/docs/RadiusUserPassword.png)
- open Mikrotik Radius configuration Page
![RadiusSetting](/keycloak-radius-plugin/docs/RadiusSetting.png)
- enable Radius AAA
![useRadiusUsers](/keycloak-radius-plugin/docs/useRadiusUsers.png)
- try to login with a new User
![webActive](/keycloak-radius-plugin/docs/webActive.png)
- try to login by ssh(the same for telnet and winbox)
![sshAccess](/keycloak-radius-plugin/docs/sshAccess.png)
![sshActive](/keycloak-radius-plugin/docs/sshActive.png)
Mikrotik Rad-sec Example
Mikrotik RadSec Example
Hotspot Example (with Facebook login)
Hotspot Example (with Facebook login)
Example CoA Configuration
Radius Disconnect Message
Radius Proxy
Radius Proxy Module