Messages

1

24.1 Legacy Series / Re: Radius fails on group query with Okta

« on: April 09, 2024, 07:56:57 pm »

Group sync is enabled in authentication server

2

24.1 Legacy Series / Radius fails on group query with Okta

« on: April 09, 2024, 07:48:19 pm »

I am trying to enable authentication thru Radius server set up in Okta.

https://help.okta.com/oie/en-us/content/topics/integrations/okta_radius_app-gen-group-auth.htm

Authentication itself works fine, push request is coming thru, but no groups are being read by OPNsense:

User: tony.tester@test.com authenticated successfully.
This user is a member of these groups:
(no groups)

Attributes received from server:
class => pfsense

pfsense_test is the name of the group in Okta:

Groups Response

Include groups in RADIUS response: yes

When selected, Okta will return user groups to the specified RADIUS attribute. This is used to define access to resources or to define other policies within a RADIUS network.

RADIUS attribute: 25 Class
Group memberships to return: pfsense
Response format: Repeating attributes
Group name format: ${group.name}

On pfsense this works like charm it reads the group membership without any issues with same configuration.

I have tested other radius attribute 11 Filter-ID but no luck

Any ideas?