Radius fails on group query with Okta

Started by kubowy, April 09, 2024, 07:48:19 PM

April 09, 2024, 07:48:19 PM Last Edit: April 09, 2024, 08:19:13 PM by kubowy
I am trying to enable authentication through a RADIUS server set up in Okta.

https://help.okta.com/oie/en-us/content/topics/integrations/okta_radius_app-gen-group-auth.htm

Authentication itself works fine, the push request is coming through, but no groups are being read by OPNsense:

User: tony.tester@test.com authenticated successfully.
This user is a member of these groups:
(no groups)

Attributes received from server:
class => pfsense

pfsense_test is the name of the group in Okta:

Groups Response

Include groups in RADIUS response: yes

When selected, Okta will return user groups to the specified RADIUS attribute. This is used to define access to resources or to define other policies within a RADIUS network.

RADIUS attribute: 25 Class
Group memberships to return: pfsense
Response format: Repeating attributes
Group name format: ${group.name}

On pfSense this works like a charm; it reads the group membership without any issues with the same configuration.

I have tested the other RADIUS attribute, 11 Filter-ID, but no luck.

Any ideas?

Group sync is enabled in the authentication server.
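
Added example, not part of the original post and not OPNsense or Okta code: a decoder for the "Repeating attributes" format described above, which pulls every Class (25) value out of a captured Access-Accept and lists the ones with no local group of the same name. The packet, the group names and the exact-match comparison rule are constructed assumptions; the Response Authenticator is not verified.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
CLASS = 25          # attribute type selected in the Okta settings above

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def class_groups(packet: bytes):
    """Every Class value of an Access-Accept, in order; one per group."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return []
    return [v.decode("utf-8", "replace") for t, v in attrs if t == CLASS]

def unmatched(returned, local_groups):
    """Returned names with no exact, case-sensitive local match (assumed rule)."""
    return [g for g in returned if g not in local_groups]

def sample_accept(groups):
    """Constructed Access-Accept; zeroed authenticator, which is NOT verified."""
    body = b"".join(
        bytes([CLASS, len(g.encode()) + 2]) + g.encode() for g in groups)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    pkt = sample_accept(["pfsense", "vpn-users"])        # constructed values
    got = class_groups(pkt)
    print("Class values:", got)
    print("no local group:", unmatched(got, {"pfsense_test", "vpn-users"}))
```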