[RADIATOR] missing documentation for Handler parameter: UseRequestContext

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Thu May 11 19:31:03 UTC 2023 

Hi Alex,

thank you very much for your reply. It's interesting and instructive, 
but not truly the point I asked for.

The question to Heikki was about the missing documentation for the 
Handler parameter *UseRequestContext*.

I know the RADIUS challenge-response mechanism defined in the RFC with 
the state attribute, but sometimes I need much more context between the 
two authentication stages in our 2FA (MFA) solution with privacyIDEA. 
For this I can use the Radius::Context package, this is also used in AuthOTP

But anyway, I'm just curious about the  *UseRequestContext* parameter in 
der Handler and for what it will be useful.

Best regards,   Charly

Am 11.05.23 um 16:34 schrieb Alexander.Hartmaier at telekom.com:
> Hi Karl,
> the Radius protocol has the 'State' attribute for this. A Radius 
> client has to include the State attribute unmodified in subsequent 
> requests, when the Radius Server sets it in a response.
>
> I use it to differentiate primary authentication (most of the time 
> user/pass against Active Directory) and 2FA:
>
> # 2FA check
> |<Handler Client-Identifier="radius-client", 
> Request-Type="Access-Request", State="otp-email-challenge">|
> |<Handler Client-Identifier="radius-client", 
> Request-Type="Access-Request", State="otp-sms-challenge">|
>
> # primary auth|
> |
> ||<Handler Client-Identifier="radius-client", 
> Request-Type="Access-Request">|
> |
>
> I'm setting the State attribute in a Hook:
>
> <AuthBy OTP>
>         PasswordPattern aaaaaa
>         ContextTimeout  300
>         ChallengeHook   sub { Hooks::sendMail( @_, 
> 'additional-parameter' ); }
>     </AuthBy>
> subsendMail{
> my($self, $user, $p, $context, $customer) = @_;
>          ....
>
> |   $p->{rp}->addAttrByNum($Radius::Radius::STATE, 
> "otp-email-challenge");|
> }
>
> Best regards, Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20230511/5da4bfda/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5894 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20230511/5da4bfda/attachment.p7s>

More information about the radiator mailing list