Password encoding with RADIUS authenticator

This document describes how PAS handles incoming request from client, where extended characters is used in the password.


The RADIUS authenticator in PAS, will by default use UTF-8 for the incoming request from client.
This can be changed to "Windows-1252" instead.
If the setting is changed, only clients using "Windows-1252" as encoding will be able to use extended characters in the password.


The parameter for the encoding is set on the RADIUS authenticator.
Login to the Configuration GUI, go to the "Advanced" tab, click the pencil besides "Authentication - Radius" and add the parameter:
"client_character_encoding" : "Windows-1252"
Like this example:

  "name": "UsernamePasswordAndOTPAuthenticator",
  "config": {
	"uid_pwd_pipe": "7c4a7e32-8a63-44c8-b771-9950609146e2",
	"validate_otp_pipe": "542a1385-1474-4fc7-a2dc-1d21932a90df",
	"clientIP": ",",
	"client_character_encoding": "Windows-1252",
	"ar_attributes": "",
	"resp_attributes": "",
	"ac_attributes": "",
	"secret": "{enc}qG6skItdiLREr3/OfjTRI0YbACXeRTvPI2aLRAa9S/8=",
	"radius_config": "ecc7e094-236e-4568-9b99-d6e3bb0c9d97",
	"remove_ad_domain": "false",
	"session_ttl": "4",
	"alias_ttl": "3",
	"impersonation_check": "true",
	"safe_mode": "false",
	"challenge_message": "",
	"retry_challenge_message": ""
  "created": "2021-10-25T09:15:26.806Z",
  "id": "0da1ccf3-f574-4a33-b40e-88b50f8ef3f4"
Click to copy