Keycloak Radius Plugin

Hi,

I am currently running Keycloak 24.0 and need to install and set up the RADIUS plugin. I am not able to locate a RADIUS plugin for this version with concrete installation instructions. Has anyone set up RADIUS on Keycloak 24.0? Looking for some help or direction. Thanks.

Late, but better than never: You may be interested in my new project:

It is a different approach to connecting RADIUS with Keycloak and may fulfill your needs. It is the first release, and at the moment testing is ongoing. Also, security is currently under testing…

Testing and suggestions are welcome!

I’m interested for sure and forked your project. I’ll be playing around with it over the next few weeks/days.

Hilariously, I was looking for some API bits to work on a project I titled radkey before I just decided to maybe give keyrad a go :drum:

Right now, development is moving slowly because I’m very busy. In a couple weeks, I’ll have more time to work on it and hopefully publish a stable and functional version. It is more of a proof of concept at the moment.

keyrad 2.0.0—RADIUS bridge for Keycloak

We released version 2.0.0 of keyrad, an open-source RADIUS server that delegates authentication to Keycloak via the Resource Owner Password Credentials grant. This release is a significant step forward in correctness, security, and operability.

What’s new in 2.0.0

Message-Authenticator (RFC 2869)—keyrad now generates and validates the Message-Authenticator attribute on all Access-Request and Access-Accept/Reject/Challenge packets, closing a known spoofing vector present in older RADIUS implementations.
Calling-Station-Id forwarding—the NAS client identifier is now carried through the authentication pipeline and available for structured log correlation.
CIDR longest-prefix matching — clients.conf now resolves overlapping CIDR blocks correctly, picking the most specific match for incoming NAS addresses.
Docker support — a Dockerfile, docker-compose.example.yml, and updated documentation cover bridge and host networking modes, including the UDP port-mapping quirks specific to Docker on Linux vs. Mac/Windows.
Structured logging — replaced ad-hoc fmt.Printf debug output with zap-based structured logging and per-request correlation IDs, making log aggregation and tracing straightforward.
Security hardening — sync.RWMutex on the challenge state store (race condition fix), crypto/rand for RADIUS state generation, rejection of passwords ≤ 6 characters in OTP-split mode, and propagation of HTTP/JSON errors that were previously silently swallowed.
Unit tests — coverage added for message-authenticator handling, challenge store, attribute encoding, and RADIUS utility functions.

Known limitation

Some devices using RFC 2138 (RADIUS 1.0) cap passwords at 16 characters. This affects, e.g., Checkpoint firewalls older than R81.10—see the README for details.

Thanks to Ermoshkin Oleg for contributions.
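The Message-Authenticator check named in the release notes, as an added example that is not keyrad's own code: RFC 2869 defines the attribute (type 80) as HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16 value bytes zeroed during the computation. The sketch covers only Access-Request (responses use the request's authenticator instead), and the function names, secret, and packet bytes are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"fmt"
)

// msgAuthOffset returns the offset of the 16-byte Message-Authenticator value,
// or -1 when the packet is malformed or carries no well-formed attribute 80.
func msgAuthOffset(pkt []byte) int {
	if len(pkt) < 20 || int(pkt[2])<<8|int(pkt[3]) != len(pkt) {
		return -1
	}
	for i := 20; i+2 <= len(pkt) && pkt[i+1] >= 2 && i+int(pkt[i+1]) <= len(pkt); i += int(pkt[i+1]) {
		if pkt[i] == 80 && pkt[i+1] == 18 { // type 80, 2-byte header + 16-byte HMAC
			return i + 2
		}
	}
	return -1
}

// msgAuth computes HMAC-MD5 over the packet, substituting 16 zero bytes
// for the attribute value at off, as RFC 2869 specifies.
func msgAuth(pkt, secret []byte, off int) []byte {
	m := hmac.New(md5.New, secret)
	m.Write(pkt[:off])
	m.Write(make([]byte, 16))
	m.Write(pkt[off+16:])
	return m.Sum(nil)
}

// VerifyRequest fails closed: a missing attribute is rejected just like a
// wrong one, and the comparison is constant-time.
func VerifyRequest(pkt, secret []byte) bool {
	off := msgAuthOffset(pkt)
	return off >= 0 && hmac.Equal(pkt[off:off+16], msgAuth(pkt, secret, off))
}

func main() {
	secret := []byte("constructed-secret")
	// Constructed Access-Request: ID 42, User-Name "alice", zeroed attribute 80.
	pkt := append([]byte{1, 42, 0, 45}, "0123456789abcdef\x01\x07alice\x50\x12"...)
	pkt = append(pkt, make([]byte, 16)...)
	copy(pkt[29:], msgAuth(pkt, secret, 29)) // sign as a NAS would
	fmt.Println("signed:", VerifyRequest(pkt, secret))
	pkt[24] ^= 1 // flip one bit of the User-Name
	fmt.Println("tampered:", VerifyRequest(pkt, secret))
}
```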