The LoadMaster supports RADIUS challenge/response authentication. RADIUS challenge/response is supported transparently – if the server sends a challenge, an additional form is displayed and the user is asked to enter the additional token/password.

The authentication flow is as follows:

  1. The end user is prompted to enter a username and password.
  2. If the username and password credentials have authenticated successfully, the One Time Password (OTP) is requested using a server challenge. An additional form is displayed and the end user needs to enter the additional token/password.
  3. The username and OTP details are then submitted to the server for authentication.

Regarding the methods used during the authentication flow – an Access Request is sent from the LoadMaster to the server (which includes the username and password), the server responds with an Access Challenge (if the credentials have authenticated successfully) which will result in a subsequent form to collect the OTP. The LoadMaster then sends another Access Request (with the State and OTP included) and the server then responds with either an Access Accept or Access Reject, depending on whether the authentication was successful or not.