authentik.providers.radius.models

Radius Provider

  1"""Radius Provider"""
  2
  3from collections.abc import Iterable
  4
  5from django.db import models
  6from django.templatetags.static import static
  7from django.utils.translation import gettext_lazy as _
  8from rest_framework.serializers import Serializer
  9
 10from authentik.core.models import PropertyMapping, Provider
 11from authentik.crypto.models import CertificateKeyPair
 12from authentik.lib.generators import generate_id
 13from authentik.outposts.models import OutpostModel
 14
 15
 16class RadiusProvider(OutpostModel, Provider):
 17    """Allow applications to authenticate against authentik's users using Radius."""
 18
 19    shared_secret = models.TextField(
 20        default=generate_id,
 21        help_text=_("Shared secret between clients and server to hash packets."),
 22    )
 23
 24    client_networks = models.TextField(
 25        default="0.0.0.0/0, ::/0",
 26        help_text=_(
 27            "List of CIDRs (comma-separated) that clients can connect from. A more specific "
 28            "CIDR will match before a looser one. Clients connecting from a non-specified CIDR "
 29            "will be dropped."
 30        ),
 31    )
 32
 33    mfa_support = models.BooleanField(
 34        default=True,
 35        verbose_name="MFA Support",
 36        help_text=_(
 37            "When enabled, code-based multi-factor authentication can be used by appending a "
 38            "semicolon and the TOTP code to the password. This should only be enabled if all "
 39            "users that will bind to this provider have a TOTP device configured, as otherwise "
 40            "a password may incorrectly be rejected if it contains a semicolon."
 41        ),
 42    )
 43
 44    certificate = models.ForeignKey(
 45        CertificateKeyPair, on_delete=models.CASCADE, default=None, null=True
 46    )
 47
 48    @property
 49    def launch_url(self) -> str | None:
 50        """Radius never has a launch URL"""
 51        return None
 52
 53    @property
 54    def component(self) -> str:
 55        return "ak-provider-radius-form"
 56
 57    @property
 58    def icon_url(self) -> str | None:
 59        return static("authentik/sources/radius.svg")
 60
 61    @property
 62    def serializer(self) -> type[Serializer]:
 63        from authentik.providers.radius.api.providers import RadiusProviderSerializer
 64
 65        return RadiusProviderSerializer
 66
 67    def get_required_objects(self) -> Iterable[models.Model | str | tuple[str, models.Model]]:
 68        required = [self, "authentik_stages_mtls.pass_outpost_certificate"]
 69        if self.certificate is not None:
 70            required.append(("authentik_crypto.view_certificatekeypair", self.certificate))
 71            required.append(
 72                ("authentik_crypto.view_certificatekeypair_certificate", self.certificate)
 73            )
 74            required.append(("authentik_crypto.view_certificatekeypair_key", self.certificate))
 75        return required
 76
 77    def __str__(self):
 78        return f"Radius Provider {self.name}"
 79
 80    class Meta:
 81        verbose_name = _("Radius Provider")
 82        verbose_name_plural = _("Radius Providers")
 83
 84
 85class RadiusProviderPropertyMapping(PropertyMapping):
 86    """Add additional attributes to Radius authentication responses."""
 87
 88    @property
 89    def component(self) -> str:
 90        return "ak-property-mapping-provider-radius-form"
 91
 92    @property
 93    def serializer(self) -> type[Serializer]:
 94        from authentik.providers.radius.api.property_mappings import (
 95            RadiusProviderPropertyMappingSerializer,
 96        )
 97
 98        return RadiusProviderPropertyMappingSerializer
 99
100    def __str__(self):
101        return f"Radius Provider Property Mapping {self.name}"
102
103    class Meta:
104        verbose_name = _("Radius Provider Property Mapping")
105        verbose_name_plural = _("Radius Provider Property Mappings")
class RadiusProvider(authentik.outposts.models.OutpostModel, authentik.core.models.Provider): 
17class RadiusProvider(OutpostModel, Provider):
18    """Allow applications to authenticate against authentik's users using Radius."""
19
20    shared_secret = models.TextField(
21        default=generate_id,
22        help_text=_("Shared secret between clients and server to hash packets."),
23    )
24
25    client_networks = models.TextField(
26        default="0.0.0.0/0, ::/0",
27        help_text=_(
28            "List of CIDRs (comma-separated) that clients can connect from. A more specific "
29            "CIDR will match before a looser one. Clients connecting from a non-specified CIDR "
30            "will be dropped."
31        ),
32    )
33
34    mfa_support = models.BooleanField(
35        default=True,
36        verbose_name="MFA Support",
37        help_text=_(
38            "When enabled, code-based multi-factor authentication can be used by appending a "
39            "semicolon and the TOTP code to the password. This should only be enabled if all "
40            "users that will bind to this provider have a TOTP device configured, as otherwise "
41            "a password may incorrectly be rejected if it contains a semicolon."
42        ),
43    )
44
45    certificate = models.ForeignKey(
46        CertificateKeyPair, on_delete=models.CASCADE, default=None, null=True
47    )
48
49    @property
50    def launch_url(self) -> str | None:
51        """Radius never has a launch URL"""
52        return None
53
54    @property
55    def component(self) -> str:
56        return "ak-provider-radius-form"
57
58    @property
59    def icon_url(self) -> str | None:
60        return static("authentik/sources/radius.svg")
61
62    @property
63    def serializer(self) -> type[Serializer]:
64        from authentik.providers.radius.api.providers import RadiusProviderSerializer
65
66        return RadiusProviderSerializer
67
68    def get_required_objects(self) -> Iterable[models.Model | str | tuple[str, models.Model]]:
69        required = [self, "authentik_stages_mtls.pass_outpost_certificate"]
70        if self.certificate is not None:
71            required.append(("authentik_crypto.view_certificatekeypair", self.certificate))
72            required.append(
73                ("authentik_crypto.view_certificatekeypair_certificate", self.certificate)
74            )
75            required.append(("authentik_crypto.view_certificatekeypair_key", self.certificate))
76        return required
77
78    def __str__(self):
79        return f"Radius Provider {self.name}"
80
81    class Meta:
82        verbose_name = _("Radius Provider")
83        verbose_name_plural = _("Radius Providers")

Allow applications to authenticate against authentik's users using Radius.

def shared_secret(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def client_networks(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def mfa_support(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

certificate

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

launch_url: str | None 
49    @property
50    def launch_url(self) -> str | None:
51        """Radius never has a launch URL"""
52        return None

Radius never has a launch URL

component: str 
54    @property
55    def component(self) -> str:
56        return "ak-provider-radius-form"

Return component used to edit this object

icon_url: str | None 
58    @property
59    def icon_url(self) -> str | None:
60        return static("authentik/sources/radius.svg")
serializer: type[rest_framework.serializers.Serializer] 
62    @property
63    def serializer(self) -> type[Serializer]:
64        from authentik.providers.radius.api.providers import RadiusProviderSerializer
65
66        return RadiusProviderSerializer

Get serializer for this model

def get_required_objects( self) -> Iterable[django.db.models.base.Model | str | tuple[str, django.db.models.base.Model]]: 
68    def get_required_objects(self) -> Iterable[models.Model | str | tuple[str, models.Model]]:
69        required = [self, "authentik_stages_mtls.pass_outpost_certificate"]
70        if self.certificate is not None:
71            required.append(("authentik_crypto.view_certificatekeypair", self.certificate))
72            required.append(
73                ("authentik_crypto.view_certificatekeypair_certificate", self.certificate)
74            )
75            required.append(("authentik_crypto.view_certificatekeypair_key", self.certificate))
76        return required

Return a list of all required objects

certificate_id
provider_ptr_id
provider_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members
authentik.outposts.models.OutpostModel
Meta
authentik.core.models.Provider
name
authentication_flow
authorization_flow
invalidation_flow
property_mappings
backchannel_application
is_backchannel
objects
authentication_flow_id
authorization_flow_id
invalidation_flow_id
backchannel_application_id
id
application
outpost_set
oauth2provider
ldapprovider
racprovider
radiusprovider
samlprovider
scimprovider
googleworkspaceprovider
microsoftentraprovider
ssfprovider
class RadiusProvider.DoesNotExist(authentik.core.models.Provider.DoesNotExist):

The requested object does not exist

class RadiusProvider.MultipleObjectsReturned(authentik.core.models.Provider.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class RadiusProviderPropertyMapping(authentik.core.models.PropertyMapping): 
 86class RadiusProviderPropertyMapping(PropertyMapping):
 87    """Add additional attributes to Radius authentication responses."""
 88
 89    @property
 90    def component(self) -> str:
 91        return "ak-property-mapping-provider-radius-form"
 92
 93    @property
 94    def serializer(self) -> type[Serializer]:
 95        from authentik.providers.radius.api.property_mappings import (
 96            RadiusProviderPropertyMappingSerializer,
 97        )
 98
 99        return RadiusProviderPropertyMappingSerializer
100
101    def __str__(self):
102        return f"Radius Provider Property Mapping {self.name}"
103
104    class Meta:
105        verbose_name = _("Radius Provider Property Mapping")
106        verbose_name_plural = _("Radius Provider Property Mappings")

Add additional attributes to Radius authentication responses.

component: str 
89    @property
90    def component(self) -> str:
91        return "ak-property-mapping-provider-radius-form"

Return component used to edit this object

serializer: type[rest_framework.serializers.Serializer] 
93    @property
94    def serializer(self) -> type[Serializer]:
95        from authentik.providers.radius.api.property_mappings import (
96            RadiusProviderPropertyMappingSerializer,
97        )
98
99        return RadiusProviderPropertyMappingSerializer

Get serializer for this model

propertymapping_ptr_id
propertymapping_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members
authentik.lib.models.SerializerModel
Meta
authentik.core.models.PropertyMapping
pm_uuid
name
expression
objects
evaluate
managed
provider_set
source_userpropertymappings_set
source_grouppropertymappings_set
notificationwebhookmapping
oauthsourcepropertymapping
scopemapping
endpoint_set
racpropertymapping
radiusproviderpropertymapping
samlsourcepropertymapping
samlpropertymapping
scimprovider_set
scimmapping
kerberossourcepropertymapping
ldapsourcepropertymapping
plexsourcepropertymapping
scimsourcepropertymapping
telegramsourcepropertymapping
googleworkspaceprovider_set
googleworkspaceprovidermapping
microsoftentraprovider_set
microsoftentraprovidermapping
class RadiusProviderPropertyMapping.DoesNotExist(authentik.core.models.PropertyMapping.DoesNotExist):

The requested object does not exist

class RadiusProviderPropertyMapping.MultipleObjectsReturned(authentik.core.models.PropertyMapping.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.