[RADIATOR] matching based on one value of an attribute multiple times in request

Hartmaier Alexander alexander.hartmaier at t-systems.at
Thu Jul 13 10:59:43 UTC 2017


I'm trying to build a solution to authorize users to log into devices
based on their group membership in our NMS.

We use ClientListSQL to generate the Client config blocks and I've used
the OSC-Authorize-Group attribute for add the group id's to the request
attributes like:


A Handler for example matches on OSC-Authorize-Group=123, which works as
long as the device is only member of this single group but not if in
multiple like in the above example.

I haven't found an example how to match on the value of an attribute
which occurs multiple times in the authentication request, is it possible?

A workaround would be to make ClientListSQL add
OSC-Authorize-Group=123,456 to the request and matching the value with a
regex, which would be quite complicated but handle all cases without
e.g. allowing access to a device in group 1234 when only 123 should be

Any hints how to solve this?

Best regards, Alexander Hartmaier

T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer

phone: +43(0)676-8642-4320

T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.

More information about the radiator mailing list