Hi Alex,thank you very much for your reply. It's interesting and instructive, but not truly the point I asked for.
The question to Heikki was about the missing documentation for the Handler parameter *UseRequestContext*.
I know the RADIUS challenge-response mechanism defined in the RFC with the state attribute, but sometimes I need much more context between the two authentication stages in our 2FA (MFA) solution with privacyIDEA. For this I can use the Radius::Context package, this is also used in AuthOTP
But anyway, I'm just curious about the *UseRequestContext* parameter in der Handler and for what it will be useful.
Best regards, Charly Am 11.05.23 um 16:34 schrieb [email protected]:
Hi Karl,the Radius protocol has the 'State' attribute for this. A Radius client has to include the State attribute unmodified in subsequent requests, when the Radius Server sets it in a response.I use it to differentiate primary authentication (most of the time user/pass against Active Directory) and 2FA:# 2FA check|<Handler Client-Identifier="radius-client", Request-Type="Access-Request", State="otp-email-challenge">| |<Handler Client-Identifier="radius-client", Request-Type="Access-Request", State="otp-sms-challenge">|# primary auth| |||<Handler Client-Identifier="radius-client", Request-Type="Access-Request">|| I'm setting the State attribute in a Hook: <AuthBy OTP> PasswordPattern aaaaaa ContextTimeout 300ChallengeHook sub { Hooks::sendMail( @_, 'additional-parameter' ); }</AuthBy> subsendMail{ my($self, $user, $p, $context, $customer) = @_; ....| $p->{rp}->addAttrByNum($Radius::Radius::STATE, "otp-email-challenge");|} Best regards, Alex
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
