Creation of Custom VSA

robinh007 · ‎03-13-2025

We are planning to utilize a RADIUS server for LDAP and OTP authentication. Our objective is to send the Username, Password, and OTP in a single request. To achieve this, we need to create a Custom Vendor-Specific Attribute (VSA) in the FortiGate firewall. This will enable us to include the OTP along with the Username and Password for authentication purposes. Could you please provide the detailed procedure for creating a Custom VSA in the FortiGate firewall?

FortiGate

h007robin

Stephen_G · ‎03-16-2025

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Stephen - Fortinet Community Team

dingjerry_FTNT · ‎03-16-2025

Hi @robinh007 ,

I am unfamiliar with Radius and have never heard of including a Username, Password, and OTP in one Radius request.

Here is the article about Fortinet's RADIUS Dictionary and VSAs (latest):

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-s-RADIUS-Dictionary-and-VSAs-late...

Regards,

Jerry

AEK · ‎03-17-2025

I think it depends on the authentication protocol (PAP, CHAP, MSCHAP2 & EAP). Some support challenge response, some support concatenated password-OTP and some may support both.

AEK

Creation of Custom VSA

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website