Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

Mideye Server 5 Reference Guide

This document serves as a reference guide for Mideye Server 5. For installation guidelines, please refer to the Pre-install checklist and installation guides.

1. Mideye architecture

The figure below gives an overview of the Mideye architecture.

The Mideye Server is a general-purpose authentication server that supports standard RADIUS. Supported authentication protocols are PAP, MSCHAPv2, and EAP-MSCHAPv2. Refer to software requirements for a list of supported operating systems.

RADIUS clients: VPN concentrators, access portals, and firewalls act as RADIUS clients towards Mideye (RADIUS server). Mideye utilizes the challenge-response mechanism in RADIUS (RFC 2865, sections 2.1 and 4.4). For access products that do not support RADIUS challenge-response, the Mideye+ app can be used, see section Mideye+ and Touch Accept.

LDAP Directory: End-user data can be read from an existing repository via LDAP/LDAPS, which eliminates the need for separate account administration in the Mideye Server.

SQL Database: Holds the configuration data for Mideye. As an alternative to using an LDAP repository, user accounts can also be registered in the database. A list of supported databases can be found here.

Network Policy Server (NPS): Mideye acts as a proxy to the NPS when MSCHAPv2 and EAP-MSCHAPv2 are used. For more information, see section Network Policy Server.

Mideye Web GUI: Administrative interface for the Mideye Server.

Primary and secondary Mideye service: The Mideye Server is connected via the Internet to two independent Mideye Service centers. Each customer is assigned a unique TCP port for communicating with the Mideye Service. Firewalls only need to be open for outbound traffic, meaning that the Mideye Server does not need to be exposed to the Internet. The Mideye Service maintains direct connections with mobile networks for managed real-time delivery of one-time passwords (SMS-OTPs) and data push notifications to Mideye+ apps. As an alternative to using mobile phones, OTPs from token cards can be verified against a centrally operated Token Server.

Mideye Server 5 is a Java application built using Spring Boot (backend) and React JS (frontend). Mideye Server 5 uses Java Runtime Environment version 8, which comes bundled with the installation package. The Mideye Server runs as a background application and handles RADIUS requests on one or multiple ports. Configuration and administration of the Mideye Server are done from a web GUI. All configuration is saved in real time, meaning no server restarts are required.