OpenNMS RADIUS Authentication

Question

We are having problems using our RADIUS (Microsoft NPS) server for authentication with OpenNMS 22.0.3. The thing is that we have a old OpenNMS server which successfully uses RADIUS authentication for web-logons but even if we copy the conf files from the old working machine, we still cannot get it to work on 22.0.3.

What we have done:

1. Installed opennms-plugin-protocols-radius,
2. applicationContext-spring-security.xml:

Changed it to use the file radius.xml in spring-security.d/

<!-- use our custom authentication provider; to use RADIUS instead, change this to "radiusAuthenticationProvider" an
d uncomment below -->
  <authentication-manager alias="authenticationManager">
    <!-- If a user is pre-authenticated, make sure their user details are populated correctly. -->
    <authentication-provider ref="preauthAuthProvider" />
    <!-- Use our custom authentication provider -->
    <authentication-provider ref="hybridAuthenticationProvider" />
    <!-- To enable external (e.g. LDAP, RADIUS) authentication, uncomment the following.
         You must also rename and customize exactly ONE of the example files in the
         spring-security.d subdirectory. -->
    <authentication-provider ref="externalAuthenticationProvider" /> 
  </authentication-manager>

3.In radius.xml:

<beans:bean id="externalAuthenticationProvider" class="org.opennms.protocols.radius.springsecurity.RadiusAuthenticationProvider">
    <beans:constructor-arg value="ip.ip.ip.ip"/>
    <beans:constructor-arg value="SECRET"/>
    <beans:property name="port" value="1812"/>
    <beans:property name="timeout" value="5"/>
    <beans:property name="retries" value="3"/>
    <beans:property name="authTypeClass" value="net.jradius.client.auth.MSCHAPv2Authenticator"/>
    <beans:property name="defaultRoles" value="ROLE_USER"/>
    <beans:property name="rolesAttribute" value="Unknown-VSAttribute(5813:1)"/>
  </beans:bean>

When we then restart opennms (it restarts without errors) and go to the webpage, we are only greeted by a blank page.

Logs doesn't say anything.

Answer 1

The symptom of a blank page indicates a problem with installing the RADIUS protocol. Can you verify if it is installed correctly?

cd ${OPENNMS_HOME}/lib
find . -iname "*radius*"

You should have the following files:

./jradius-core-1.1.5.jar
./org.opennms.dependencies.jradius-extended-22.0.3.jar
./jradius-dictionary-1.1.5.jar
./org.opennms.protocols.radius-22.0.3.jar

Answer 2

In 22.0.2 we have introduced a way to normalise how times are represented and it is configurable in the opennms.properties see here:

# Choose the format how the date is displayed in the UI. It needs to follow the pattern in DateTimeFormatter:
# see https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html
# org.opennms.ui.datettimeformat=yyyy-MM-dd'T'HH:mm:ssxxx

This is the issue where this enhancement is introduced: https://issues.opennms.org/browse/NMS-10231

There are a few other places and it is finished with the coming 22.0.4 release. Here is what parts are related to representing time issues in the Web UI and what is going in each release: https://issues.opennms.org/browse/NMS-10072