About radius-enabled token servers – Cisco 3.3 User Manual

Page 564

Chapter 13 User Databases

Token Server User Databases

13-80

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

About RADIUS-Enabled Token Servers

Cisco Secure ACS supports token servers using the RADIUS server built into the
token server. Rather than using a vendor-proprietary API, Cisco Secure ACS
sends standard RADIUS authentication requests to the RADIUS authentication
port on the token server. This feature enables Cisco Secure ACS to support any
IETF RFC 2865-compliant token server.

You can create multiple instances of RADIUS token servers. For information
about configuring Cisco Secure ACS to authenticate users with one of these token
servers, see Configuring a RADIUS Token Server External User Database,
page 13-81.

Cisco Secure ACS provides a means for specifying a user group assignment in the
RADIUS response from the RADIUS-enabled token server. Group specification
always takes precedence over group mapping. For more information, see
RADIUS-Based Group Specification, page 16-14.

Cisco Secure ACS also supports mapping users authenticated by a
RADIUS-enabled token server to a single group. Group mapping only occurs if
group specification does not occur. For more information, see Group Mapping by
External User Database, page 16-2.

Token Server RADIUS Authentication Request and Response Contents

When Cisco Secure ACS forwards an authentication request to a
RADIUS-enabled token server, the RADIUS authentication request contains the
following attributes:

User-Name (RADIUS attribute 1)

User-Password (RADIUS attribute 2)

NAS-IP-Address (RADIUS attribute 4)

NAS-Port (RADIUS attribute 5)

NAS-Identifier (RADIUS attribute 32)
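
The following Python code is an added illustration, not taken from the Cisco manual or from Cisco Secure ACS: it builds and decodes an RFC 2865 Access-Request carrying the five attributes listed above, including the User-Password hiding of RFC 2865 section 5.2. The function names, shared secret, and sample values are assumptions constructed for the example.

```python
import hashlib, os, socket, struct

# Added example with hypothetical names; attribute numbers are the manual's.
ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
         5: "NAS-Port", 32: "NAS-Identifier"}

def _xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (res if hiding else block)
    return out

def build_request(ident, secret, user, passcode, nas_ip, nas_port, nas_id):
    """Build an Access-Request (code 1) carrying the five attributes."""
    if not 1 <= len(passcode) <= 128:
        raise ValueError("passcode must be 1..128 bytes")
    auth = os.urandom(16)  # Request Authenticator, fresh per request
    padded = passcode + b"\x00" * (-len(passcode) % 16)
    values = [(1, user), (2, _xor_blocks(padded, secret, auth, True)),
              (4, socket.inet_aton(nas_ip)), (5, struct.pack("!I", nas_port)),
              (32, nas_id)]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in values)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + auth + body

def parse_request(packet, secret):
    """Validate framing, require all five attributes, and decode them."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    auth, pos, out = packet[4:20], 20, {}
    while pos < length:
        if length - pos < 2 or not 2 <= packet[pos + 1] <= length - pos:
            raise ValueError("bad attribute length")
        alen = packet[pos + 1]
        out[ATTRS.get(packet[pos], packet[pos])] = packet[pos + 2:pos + alen]
        pos += alen
    if (not set(ATTRS.values()).issubset(out) or len(out["NAS-IP-Address"]) != 4
            or len(out["NAS-Port"]) != 4):
        raise ValueError("missing or malformed attribute")
    out["User-Password"] = _xor_blocks(out["User-Password"], secret, auth, False).rstrip(b"\x00")
    out["NAS-IP-Address"] = socket.inet_ntoa(out["NAS-IP-Address"])
    out["NAS-Port"] = struct.unpack("!I", out["NAS-Port"])[0]
    return out
```

The User-Password value is protected only by an MD5-derived keystream keyed with the shared secret, so the strength of that secret and the network path between Cisco Secure ACS and the token server determine how well the passcode is protected in transit.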
