The RADIUS Servers page manages the authentication server instances within MideyeServer. Each server listens on a unique UDP port and processes RADIUS Access-Request packets from associated clients. Server configuration includes rate limiting, spam protection, timeout thresholds, and customizable user-facing messages for various authentication scenarios.
RADIUS servers are referenced by RADIUS Clients — each client must be associated with exactly one authentication server and optionally one accounting server.
Required Role: ROOT, SUPER_ADMIN, or ADMIN (to create, edit, delete, or reset spam filter)
Navigation: Home → RADIUS Settings → RADIUS Servers
| Role | View | Create / Edit / Delete | Reset Spam Filter |
|---|
| ROOT | ✅ | ✅ | ✅ |
| SUPER_ADMIN | ✅ | ✅ | ✅ |
| ADMIN | ✅ | ✅ | ✅ |
| OPERATOR | ✅ | ❌ | ❌ |
| Column | Description |
|---|
| Server Name | Unique name identifying the RADIUS server |
| Auth Port | UDP port number the server listens on (1–65535) |
| Action | Edit, Delete, and Reset Spam Filter buttons (admin only) |
The Reset Spam Filter button appears only when the server has active spammers (blocked source IPs).
A RADIUS server cannot be deleted if it is currently used by any RADIUS client. Remove all client associations before deleting.
The configuration form has three tabs: General, Advanced, and User Messages.
| Field | Type | Required | Validation | Default | Description |
|---|
| Server Name | Text | Yes | Max 255, unique (async check) | — | Unique name for this server |
| Auth Port | Number | Yes | Min: 1, Max: 65535, unique (async check) | 1812 | UDP port for authentication requests |
| Field | Type | Required | Validation | Default | Description |
|---|
| Max Pending Requests | Number | Yes | Min: 1, Max: 1000 | 50 | Maximum concurrent authentication requests |
| Max Failed Attempts | Number | Yes | Min: 1, Max: 1000 | 5 | Failed attempts before triggering protective action |
| Max User Deliveries Per Minute | Number | Yes | Min: 1, Max: 1000 | 5 | Maximum OTP deliveries per user per minute |
| Max User Deliveries Per Hour | Number | Yes | Min: 1, Max: 1000 | 30 | Maximum OTP deliveries per user per hour |
| Field | Type | Required | Validation | Default | Description |
|---|
| Touch User Inactivity Timeout | Number (seconds) | Yes | Min: 20, Max: 30 | 25 | Seconds before an unanswered Touch request times out |
| Touch Delivery Failure Timeout | Number (seconds) | Yes | Min: 10, Max: 20 | 17 | Seconds before a Touch delivery is considered failed |
| Field | Type | Default | Description |
|---|
| Auth Per NAS | Checkbox | Off | Track authentication attempts per NAS (Network Access Server) separately |
| Identify Client By Source IP | Checkbox | On | Identify clients by source IP address rather than NAS-IP-Address attribute |
| Suppress Multiple Login | Checkbox | Off | Prevent concurrent authentication sessions for the same user |
Customize the messages sent to users during authentication. All message fields support a maximum of 253 characters (per RADIUS attribute length limit). The Assisted Login Touch Title has a maximum of 100 characters.
| Field | Default Value | Description |
|---|
| Authorization Failed | ”User not authorized.” | Shown when user is not authorized to access the resource |
| Invalid Password | ”Invalid user or password.” | Shown for incorrect password |
| User Expired | ”User account has expired.” | Shown when user account has expired |
| Field | Default Value | Description |
|---|
| Challenge Message | ”Enter OTP:“ | Prompt for OTP entry |
| Password Reset | ”Password needs to be reset during this session.” | Shown during password reset flow |
| Invalid OTP | ”Invalid OTP.” | Shown for incorrect OTP |
| OTP Not Delivered | ”Phone not reachable, for help see [www.mideye.com/help].” | Shown when OTP delivery fails |
| Field | Default Value | Description |
|---|
| Plus Challenge | ”Please sign %s.” | Mideye Plus signing prompt (%s = transaction reference) |
| Plus Switch Challenge | ”Phone not reachable. Please sign %s.” | Fallback prompt when Touch is unavailable |
| Plus Not Delivered | ”Code could not be verified, please try later.” | Shown when Plus code verification fails |
| Field | Default Value | Description |
|---|
| Token Out of Sync | ”Token card out of sync. Try again with a new one-time password.” | Shown when hardware token is out of synchronization |
| Number Field Not Found | ”User account is incorrect.” | Shown when the user’s number field (phone) is not configured |
| Token Code Not Delivered | ”One-time password could not be verified, please try later.” | Shown when token code verification fails |
| Field | Default Value | Description |
|---|
| Touch Accept Title | ”Mideye+ Touch Accept” | Title of the Touch notification on the user’s device |
| Touch Accept Display Text | ”Do you want to proceed with the login?” | Body text of the Touch notification |
| Touch Failed Timeout | ”Touch Accept login was unsuccessful” | Shown when Touch request times out |
| Field | Default Value | Description |
|---|
| Assisted Login Challenge | ”Enter Approver ID:“ | Prompt for the approver identifier |
| Assisted Login Touch Title | ”Assisted Login Request” | Title of the Touch notification sent to the approver |
When MideyeServer detects excessive failed authentication attempts from specific source IPs, it temporarily blocks them (spam filter). The Reset Spam Filter action clears all blocked sources for a server.
Steps:
- Click the Reset Spam Filter icon (only visible when spammers exist).
- Review the server name and number of currently blocked sources.
- Click Reset to unblock all sources.
- Click Add New.
- Enter a descriptive server name and unique port number.
- Configure rate limits on the Advanced tab.
- Customize user messages on the User Messages tab.
- Click Save.
- Associate the server with RADIUS Clients.
- Edit the target server.
- Go to the User Messages tab.
- Modify the Touch Accept Title and Display Text to match your organization’s branding.
- Save.
- Edit the server.
- Go to the Advanced tab.
- Increase Max Pending Requests for higher concurrency.
- Adjust Max User Deliveries Per Minute/Hour to prevent OTP exhaustion.
- Save.
| Issue | Possible Cause | Resolution |
|---|
| Cannot delete server | Server is assigned to one or more RADIUS clients | Remove all client associations first |
| Port already in use | Another server uses the same port | Choose a unique port number |
| Users see generic error messages | Default messages not customized | Edit messages on the User Messages tab |
| Legitimate users blocked | Spam filter triggered by failed attempts | Reset the spam filter and investigate the source |
| Touch requests timing out | Timeout too short for network conditions | Increase timeouts on the Advanced tab |
