Multiple applications same radius outpost

[sander1988]

Describe the bug
Radius (client) hangs when deploying 2 applications/providers to the same Authentik Radius outpost. They both have exact the same config, only difference is the radius secret.

Behavior seen in my test setup:

• Assign only the 1st application to outpost: Works correctly
• Assign only the 2nd application to outpost: Works correctly
• Assign two applications to outpost:
  • 1st application: Works correctly
  • 2nd application: Client hangs indefinitely

Expected behavior
Able to use multiple applications with the same radius outpost. I would expect that this is supported as the GUI allows me to configure this. But can't find it in the docs.

Version and Deployment:

• Authentik version: 2024.12.2
• Deployment: K8s/Helm

Additional context

• Client also hangs a long time when connecting with a low timeout (of 5 sec).
• Looks like it keeps retrying the login attempts based on the logs of the outpost.
• No errors logged at client or outpost side.

It this something that should work/is supported? If so, then I will try to narrow it down a bit (like trying other clients, providing debug logs etc.)

[sander1988]

Looking at the code and inline comments it should be supported in Authentik as far as I can see.

I have did some more testing and pretty sure it an issue at the Authentik side.

Some more details:

• In a tcpdump I see that the the packages are identical in size (which is I would expect).
• The only difference is that the failing application keeps retrying the radius requests 3 times.
• The radius responses are received by the client, but I think that they are invalid somehow.

When I change the allowed CIDR of application 1 to something random. Application 2 starts also to work. Based on that observation I can only conclude the radius outpost gets the providers get mixed up somehow.

[sander1988]

Maybe this is why?

https://github.com/goauthentik/authentik/blob/main/internal/outpost/radius/radius.go#L87