System flow - a typical request

This article explains the internal flow of an authentication request made by a firewall, typically a VPN login. Note that this is a logical explanation; no configuration is covered here.

System setup

The system is set up to listen for authentication requests from a defined firewall on port 1812. A single PhenixID server node will handle all authentication.

Apart from the default modules, the only deployed module is the RADIUS module, which is used to communicate with the firewall.

Request - Response

The firewall sends a request to the PhenixID server asking it to authenticate the user. The request carries the user name and password the user provided. The RADIUS module accepts the request and translates it from RADIUS format to an internal format. Since no data validation or user authentication is done in the RADIUS module, the translated request is sent down to the event/message bus, addressed to the "data manipulation" module, PIPES (com.phenixidentity~phenix-pipes).

Once the request is put on the event bus the RADIUS module is ready to serve the next external request from any client.

The PIPES module receives the translated request and handles it according to the current configuration. At the end of execution, the PIPES module responds to the requestor with OK or NOT OK depending on the outcome. Additional data may also be added to the response. The response is most often sent back to the original requestor, the firewall in this case.

The RADIUS module interprets the response from the PIPES module and acts accordingly, in this case sending an accept or reject to the firewall.
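The flow above, simulated end to end in Python as an added example (this is not PhenixID's code and does not reflect its internal message format). The packet layout, the PAP User-Password hiding and the response authenticator follow RFC 2865; the shared secret, the user store, the shape of the internal message, the event-bus API and the use of Reply-Message to carry "additional data" are all assumptions made for the example. The bus target name is the one the page gives.

```python
import hashlib
import hmac
import os
import struct

SHARED_SECRET = b"constructed-shared-secret"      # assumption: secret agreed with the firewall
USER_STORE = {"alice": "correct horse"}           # constructed sample user directory
PIPES_TARGET = "com.phenixidentity~phenix-pipes"  # bus target named on the page
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18       # RFC 2865 attribute types


def tlv(attr_type, value):
    """Encode one RADIUS attribute as type(1) length(1) value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def xor_chain(data, secret, authenticator, chain_on_output):
    """RFC 2865 5.2 password hiding. Hiding chains on the produced block,
    revealing chains on the received block; otherwise the loop is identical."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = block if chain_on_output else data[i:i + 16]
    return out


def hide_password(password, secret, authenticator):
    padded = password + b"\x00" * ((-len(password) % 16) or (16 if not password else 0))
    return xor_chain(padded, secret, authenticator, chain_on_output=True)


def reveal_password(hidden, secret, authenticator):
    return xor_chain(hidden, secret, authenticator, chain_on_output=False).rstrip(b"\x00")


# --- firewall side -----------------------------------------------------------
def build_access_request(username, password, ident=1):
    """Access-Request as sent to UDP/1812: code, id, length, 16-byte request
    authenticator, then User-Name and the hidden User-Password."""
    authenticator = os.urandom(16)
    attrs = tlv(USER_NAME, username.encode()) + tlv(
        USER_PASSWORD, hide_password(password.encode(), SHARED_SECRET, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def verify_response(response, request_authenticator, secret):
    """Firewall-side check that the reply came from a holder of the shared secret."""
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


# --- RADIUS module: translation only, no validation -------------------------
def parse_attributes(data):
    attrs, pos = {}, 0
    while pos < len(data):
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs


def radius_to_internal(packet, secret):
    """RADIUS wire format -> internal message (the dict shape is an assumption)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator = packet[4:20]
    attrs = parse_attributes(packet[20:length])
    return {"ident": ident, "authenticator": authenticator,
            "username": attrs[USER_NAME].decode(),
            "password": reveal_password(attrs[USER_PASSWORD], secret, authenticator).decode()}


def internal_to_radius(request, result, secret):
    """PIPES OK/NOT OK -> Access-Accept/Access-Reject; extra data goes in Reply-Message."""
    code = ACCESS_ACCEPT if result["status"] == "OK" else ACCESS_REJECT
    attrs = b"".join(tlv(t, v) for t, v in result["attributes"].items())
    header = struct.pack("!BBH", code, request["ident"], 20 + len(attrs))
    response_auth = hashlib.md5(header + request["authenticator"] + attrs + secret).digest()
    return header + response_auth + attrs


# --- event bus and PIPES (both assumed, minimal stand-ins) -------------------
class EventBus:
    def __init__(self):
        self.handlers = {}

    def register(self, target, handler):
        self.handlers[target] = handler

    def publish(self, target, message):
        return self.handlers[target](message)


def pipes_handler(message):
    """Stand-in for a configured pipe: constant-time check against USER_STORE."""
    expected = USER_STORE.get(message["username"], "").encode()
    ok = expected != b"" and hmac.compare_digest(expected, message["password"].encode())
    return {"status": "OK" if ok else "NOT OK",
            "attributes": {REPLY_MESSAGE: b"Welcome" if ok else b"Authentication failed"}}


def radius_module(packet, bus, secret=SHARED_SECRET):
    internal = radius_to_internal(packet, secret)
    result = bus.publish(PIPES_TARGET, internal)   # module is free for the next client here
    return internal_to_radius(internal, result, secret)


def authenticate(username, password):
    """End to end: returns the RADIUS reply code the firewall receives (2 or 3)."""
    bus = EventBus()
    bus.register(PIPES_TARGET, pipes_handler)
    packet = build_access_request(username, password)
    reply = radius_module(packet, bus)
    if not verify_response(reply, packet[4:20], SHARED_SECRET):
        raise ValueError("response authenticator mismatch")
    return reply[0]
```

`authenticate("alice", "correct horse")` yields 2 (Access-Accept) and a wrong password or unknown user yields 3 (Access-Reject). Two points worth noticing in the simulation: the RADIUS module only decodes and re-encodes, so a malformed packet is rejected there while the credential decision is made entirely by the PIPES handler, and the firewall should verify the response authenticator before trusting an accept.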
