
shared-key (RADIUS SSO login view)

Function

The shared-key command configures the shared key for encrypting communication data between the FW and the network access server (NAS).

The undo shared-key command deletes the shared key for encrypting communication data between the FW and the NAS.

Format

shared-key shared-key

undo shared-key

Parameters

Parameter: shared-key

Description: Specifies the shared key for encrypting communication data between the FW and the NAS.

Value: The value must be the same as that configured on the NAS.
  • The value is a string of 1 to 23 case-sensitive characters. It cannot contain spaces but can contain special characters, such as the exclamation point (!), at sign (@), number sign (#), dollar sign ($), and percent sign (%). The system converts the character string into cipher text and saves it in the configuration file. If the string consists of 1 to 16 characters, the converted cipher text is 32 bytes long. If the string consists of 17 to 23 characters, the converted cipher text is 56 bytes long.
  • To improve security, ensure that the shared key meets the minimum complexity requirement. That is, the key must contain at least three of the following character types: uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and special characters (such as !, @, #, $, and %).
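
A pre-deployment check for the value rules above, as an added example (not Huawei's code): it validates a candidate key against the length, space and complexity rules, reports the cipher-text length the page says to expect, and generates a compliant random key. The function names, the reading of "special characters" as ASCII punctuation, and the rejection of keys copied from documentation examples are assumptions of this example.

```python
import secrets
import string

# Limits below come from the Parameters section of this page.
MAX_LEN = 23
SPECIALS = string.punctuation     # assumption: "special characters" = ASCII punctuation
DOC_EXAMPLE_KEYS = {"Admin@123"}  # assumption: added policy, reject keys published in docs


def check_shared_key(key):
    """Return a list of problems; an empty list means the key passes."""
    problems = []
    if not 1 <= len(key) <= MAX_LEN:
        problems.append("length must be 1 to 23 characters")
    if " " in key:
        problems.append("must not contain spaces")
    classes = [
        any(c in string.ascii_uppercase for c in key),
        any(c in string.ascii_lowercase for c in key),
        any(c in string.digits for c in key),
        any(c in SPECIALS for c in key),
    ]
    if sum(classes) < 3:
        problems.append("needs at least three character types")
    if key in DOC_EXAMPLE_KEYS:
        problems.append("matches a documentation example key")
    return problems


def expected_cipher_len(key):
    """Cipher-text length (bytes) the page says is stored in the configuration file."""
    if not 1 <= len(key) <= MAX_LEN:
        raise ValueError("key length out of range")
    return 32 if len(key) <= 16 else 56


def generate_shared_key(length=MAX_LEN):
    """Draw random keys from a CSPRNG until one passes check_shared_key."""
    if not 3 <= length <= MAX_LEN:
        raise ValueError("length must be 3 to 23 to allow three character types")
    # Only the specials the page lists as allowed.
    alphabet = string.ascii_letters + string.digits + "!@#$%"
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_shared_key(key):
            return key
```

Comparing the stored cipher-text length with `expected_cipher_len` after configuration is a quick way to confirm that the key was not truncated when entered.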

Views

RADIUS SSO view

Default Level

2: Configuration level

Usage Guidelines

The shared key is used to encrypt communication data between the FW and the NAS. The two ends must use the same shared key.

This command applies only when RADIUS SSO works in off-line mode (mode out-of-path), in which the FW needs to interact with the NAS.

Example

# Set the shared key for encrypting the packets exchanged between the FW and the NAS during SSO to Admin@123.

<sysname> system-view
[sysname] user-manage single-sign-on radius
[sysname-sso-radius] shared-key Admin@123
Copyright © Huawei Technologies Co., Ltd.