RadSec / RADIUS
This page is still being written. Check back soon...
Secure communications in the Moonshot architecture are provided by RadSec and RADIUS. This page gives an overview of RadSec and RADIUS, and where they fit within Moonshot.
1. What is RadSec? What is RADIUS?
RADIUS is a very widely deployed authentication and authorisation protocol. It provides centralised Authentication, Authorisation, and Accounting management for users connecting to network services. It does, however, have two main shortcomings: it uses UDP (an unreliable transport mechanism), and it is not secure (its security relies on MD5).
RadSec is a protocol for transporting RADIUS messages over TCP and TLS, thus mitigating the two main issues with RADIUS and giving you the application support and advantages of RADIUS in a secure manner.
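To make the MD5 dependence concrete, the following added example (not code from the Moonshot project) checks a RADIUS reply the way RFC 2865 specifies: the Response Authenticator is an MD5 digest over the packet, the Request Authenticator and the shared secret. RadSec carries these same packets inside TLS. The function names and the sample secret, identifier and attribute are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2
HEADER = struct.Struct("!BBH16s")  # Code, Identifier, Length, Authenticator


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    length = HEADER.size + len(attrs)
    head = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side (hypothetical helper): assemble a signed reply packet."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return HEADER.pack(code, ident, HEADER.size + len(attrs), auth) + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: True only if the reply matches our request and secret."""
    if len(packet) < HEADER.size:
        return False
    code, rid, length, auth = HEADER.unpack_from(packet)
    # Reject bad lengths (RFC 2865 allows 20..4096) and mismatched identifiers.
    if not (HEADER.size <= length <= 4096) or length > len(packet) or rid != ident:
        return False
    attrs = packet[HEADER.size:length]  # octets beyond Length are padding
    expected = response_authenticator(code, rid, attrs, request_auth, secret)
    return hmac.compare_digest(auth, expected)  # constant-time comparison


def demo():
    secret = b"constructed-shared-secret"      # constructed sample value
    request_auth = os.urandom(16)              # Request Authenticator (random)
    attrs = bytes([18, 9]) + b"welcome"        # Reply-Message attribute (type 18)
    reply = build_response(ACCESS_ACCEPT, 7, attrs, request_auth, secret)
    tampered = reply[:-1] + b"!"               # one attribute octet changed
    return (
        verify_response(reply, 7, request_auth, secret),
        verify_response(tampered, 7, request_auth, secret),
        verify_response(reply, 7, request_auth, b"other-secret"),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```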
2. Key Concepts and Terminology
RADIUS (the Remote Access Dial In User Service) was created as a standardised method for...
- RADIUS client - a device operated by a user that provides access to a user (e.g.,
- RADIUS server - a device that contains authentication information for users
3. Moonshot and RadSec
3.1. How Moonshot uses RadSec
To keep all traffic between Moonshot entities secure, the Moonshot architecture uses RadSec.
3.2. Where Moonshot uses RadSec
RadSec and RADIUS are used as the secure communications channel between the Application Server and its RP Proxy, and between the RP Proxy and the Identity Provider. EAP messages and SAML responses are relayed over this channel.