Configure a Linux Server to Connect to an RP Proxy
Once the Moonshot libraries have been installed on a server, they need to be configured to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec. This creates the first hop between the service and the user's home IdP so that authentication can happen.
The configuration that specifies how to connect to a Moonshot RP Proxy exists in /etc/radsec.conf (on a fresh install, you will need to create this file). This can be a RADIUS or a RadSec connection.
If you are unsure which to use, then RadSec is recommended as it is more flexible and more secure. It is slightly more complex to set up, however.
Configure RadSec
If you choose to use a RadSec connection to your Moonshot RP, then place the following content into /etc/radsec.conf:

    realm gss-eap {
        type = "TLS"
        cacertfile = "$path_to_ca.pem"
        certfile = "$path_to_client.pem"
        certkeyfile = "$path_to_client.key"
        disable_hostname_check = yes
        server {
            hostname = "$hostname"
            service = "2083"
            secret = "radsec"
        }
    }

Configure RADIUS
If you choose to use a plain RADIUS connection to your Moonshot RP Proxy, then place the following content into /etc/radsec.conf:

    realm gss-eap {
        type = "UDP"
        timeout = 5
        retries = 3
        server {
            hostname = "$hostname"
            service = "1812"
            secret = "$secret"
        }
    }
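
A pre-flight check for either template above, as an added example that is not part of the Moonshot documentation or code: it parses radsec.conf-style text and flags unreplaced $placeholders, plain UDP transport, disable_hostname_check = yes, and a client key file readable by group or others. The sample paths and hostname are constructed, and the flat parser assumes a single realm block as shown on this page.

```python
import os
import re
import stat

# Constructed sample: the page's RadSec template with made-up paths and hostname.
SAMPLE = '''
realm gss-eap {
    type = "TLS"
    cacertfile = "/etc/ssl/example/ca.pem"
    certfile = "/etc/ssl/example/client.pem"
    certkeyfile = "/etc/ssl/example/client.key"
    disable_hostname_check = yes
    server {
        hostname = "rp-proxy.example.org"
        service = "2083"
        secret = "radsec"
    }
}
'''

PAIR = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s{}]+))')

def parse(text):
    """Flatten key = value pairs; works for one-line and multi-line layouts."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(text)}

def lint(text):
    """Return a list of findings for a single-realm radsec.conf."""
    cfg, findings = parse(text), []
    for key, value in cfg.items():
        if value.startswith("$"):
            findings.append(f"{key}: placeholder {value} not replaced")
    kind = cfg.get("type", "").upper()
    if kind == "UDP":
        findings.append("type: plain RADIUS over UDP, no TLS on the hop to the RP Proxy")
    elif kind == "TLS":
        if cfg.get("disable_hostname_check", "no").lower() == "yes":
            findings.append("disable_hostname_check: server certificate name is not matched against hostname")
        for key in ("cacertfile", "certfile", "certkeyfile"):
            if not cfg.get(key):
                findings.append(f"{key}: not set (present in the page's RadSec template)")
        keyfile = cfg.get("certkeyfile", "")
        if os.path.isfile(keyfile) and stat.S_IMODE(os.stat(keyfile).st_mode) & 0o077:
            findings.append("certkeyfile: private key readable by group or others")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```

To check a live host, pass the contents of /etc/radsec.conf to lint() instead of SAMPLE.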