Mideye Server 6 Reference Guide

This document serves as the reference guide for Mideye Server 6. For installation guidelines, please refer to the Pre-install Checklist and Installation Guides.

1. Mideye Architecture

The following figure provides an overview of the Mideye architecture:

[Figure: Mideye Architecture Overview]

Components

  • Mideye Server:
    A versatile authentication server supporting standard RADIUS protocols, including PAP, MSCHAPv2, and EAP-MSCHAPv2. For a list of supported operating systems, refer to the Software Requirements.

  • RADIUS Clients:
    Devices such as VPN concentrators, access portals, and firewalls act as RADIUS clients communicating with the Mideye Server. Mideye utilizes the challenge-response mechanism defined in RADIUS (RFC 2865, sections 2.1 and 4.4). For access products that do not support RADIUS challenge-response, the Mideye+ app can be used as an alternative authentication method.

  • Magic Link API:
    Mideye Server 6.1 includes a Magic Link API that serves as an alternative to the RADIUS protocol, particularly useful in environments where RADIUS is not supported or for integrating custom web pages. The Magic Link API allows for second-factor authentication using users' mobile numbers (MSISDN) and can be utilized for Assisted Login. It is disabled by default and can be enabled through the server configuration. Refer to the Magic Link API Documentation for more details.

  • LDAP Directory:
    Mideye can integrate with existing LDAP/LDAPS repositories to read end-user data, eliminating the need for separate account administration within the Mideye Server.

  • SQL Database:
    The SQL database stores Mideye's configuration data and keys for on-premises tokens. Alternatively, user accounts can be managed directly within the database. See the list of supported databases.

  • Network Policy Server (NPS):
    When using MSCHAPv2 and EAP-MSCHAPv2, Mideye acts as a proxy to the NPS. For more information, see the Network Policy Server section.

  • Mideye Web GUI:
    An administrative interface for managing the Mideye Server.

  • Primary and Secondary Mideye Services:
    The Mideye Server connects via the Internet to two independent Mideye Service centers. Each customer is assigned a unique TCP port for communication with the Mideye Service. Firewalls need only be open for outbound traffic, ensuring that the Mideye Server does not require exposure to the Internet. The Mideye Service maintains direct connections with mobile networks for the real-time delivery of one-time passwords (SMS-OTPs) and data push notifications to Mideye+ apps. Additionally, OTPs from mini tokens can be verified against a centrally operated Token Server.
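
The RADIUS challenge-response exchange referenced under RADIUS Clients (RFC 2865, sections 2.1 and 4.4), seen from the client side, as an added example that is not Mideye code: the client checks the Response Authenticator on an Access-Challenge, then sends a new Access-Request carrying the user's OTP and the State attribute echoed unchanged. It assumes PAP; the function names, shared secret, prompt text and State value are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11                 # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def parse_attrs(buf):
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        out.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return out

def signed_reply(code, ident, attrs, req_auth, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def hide_password(pw, req_auth, secret):
    # RFC 2865 section 5.2: pad to 16-byte blocks, XOR with a chained MD5 keystream
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out

def answer_challenge(pkt, ident, req_auth, secret, user, otp):
    """Validate an Access-Challenge; return (prompt, follow-up Access-Request)."""
    # Rebuilding the reply checks code, ID, length and authenticator in one compare.
    expected = signed_reply(ACCESS_CHALLENGE, ident, pkt[20:], req_auth, secret)
    if not hmac.compare_digest(pkt, expected):
        raise ValueError("not a valid Access-Challenge for this request")
    parsed = parse_attrs(pkt[20:])
    prompt = b"".join(v for t, v in parsed if t == REPLY_MESSAGE).decode()
    new_auth = os.urandom(16)                            # fresh Request Authenticator
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(otp, new_auth, secret))
    body += b"".join(attr(STATE, v) for t, v in parsed if t == STATE)  # echo State unchanged
    hdr = struct.pack("!BBH", ACCESS_REQUEST, (ident + 1) % 256, 20 + len(body))
    return prompt, hdr + new_auth + body

def sample_challenge(ident, req_auth, secret):
    # Constructed server reply for the demo; not captured from a Mideye Server.
    attrs = attr(REPLY_MESSAGE, b"Enter OTP") + attr(STATE, b"sess-42")
    return signed_reply(ACCESS_CHALLENGE, ident, attrs, req_auth, secret)
```

The validation is deliberately strict: a datagram with trailing padding beyond the Length field is rejected rather than trimmed.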

Technology Stack

Mideye Server 6 is built as a Java application using Spring Boot for the backend and React JS for the frontend. It utilizes Java Runtime Environment version 17, which is bundled with the installation package. The Mideye Server operates as a background application, handling RADIUS requests on one or multiple ports. Configuration and administration are performed through the Web GUI, and changes are saved in real time, eliminating the need for server restarts.