<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace"><font size="2"><span style="font-size:11pt;"><font
size="2"><span style="font-size:11pt;"></span></font></span></font>Hi
Alex,<br>
<br>
thank you very much for your reply. It's interesting and
instructive, but not truly the point I asked for.<br>
<br>
The question to Heikki was about the missing documentation for the
Handler parameter *UseRequestContext*.<br>
<br>
I know the RADIUS challenge-response mechanism defined in the RFC
with the state attribute, but sometimes I need much more context
between the two authentication stages in our 2FA (MFA) solution
with privacyIDEA. For this I can use the <a class="moz-txt-link-freetext" href="Radius::Context">Radius::Context</a> package,
this is also used in AuthOTP<br>
<br>
But anyway, I'm just curious about the *UseRequestContext*
parameter in der Handler and for what it will be useful.<br>
<br>
Best regards, Charly</font><br>
<font size="2"><span style="font-size:11pt;"><font size="2"><span
style="font-size:11pt;"></span></font></span></font><br>
Am 11.05.23 um 16:34 schrieb <a class="moz-txt-link-abbreviated" href="mailto:Alexander.Hartmaier@telekom.com">Alexander.Hartmaier@telekom.com</a>:<br>
<blockquote type="cite"
cite="mid:FR3P281MB15988AA3AFC4E56F6BCB703AFB749@FR3P281MB1598.DEUP281.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Hi Karl,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
the Radius protocol has the 'State' attribute for this. A Radius
client has to include the State attribute unmodified in
subsequent requests, when the Radius Server sets it in a
response.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
I use it to differentiate primary authentication (most of the
time user/pass against Active Directory) and 2FA:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
# 2FA check<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<code class="ContentPasted0"><span class="k ContentPasted0"><Handler</span>
Client-Identifier="radius-client",
Request-Type="Access-Request", State="otp-email-challenge"></code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<code class="ContentPasted0 ContentPasted2"><span class="k
ContentPasted0 ContentPasted2"><Handler</span>
Client-Identifier="radius-client",
Request-Type="Access-Request", State="otp-sms-challenge"></code><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
# primary auth<code class="ContentPasted1"><span class="k
ContentPasted1"><br>
</span></code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<code class="ContentPasted0"><code class="ContentPasted1"><span
class="k ContentPasted1"><Handler</span>
Client-Identifier="radius-client",
Request-Type="Access-Request"></code><br>
</code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
I'm setting the State attribute in a Hook:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<pre class="code highlight" lang="cisco_ios"><span class="line ContentPasted4" lang="cisco_ios"><span class="k ContentPasted4"> <AuthBy</span> OTP></span>
<span class="line ContentPasted4" lang="cisco_ios"><span class="k ContentPasted4"> PasswordPattern</span> aaaaaa</span>
<span class="line ContentPasted4" lang="cisco_ios"><span class="k ContentPasted4"> ContextTimeout</span> 300</span>
<span class="line ContentPasted4" lang="cisco_ios"><span class="k ContentPasted4"> ChallengeHook</span> sub { <a class="moz-txt-link-freetext" href="Hooks::sendMail(">Hooks::sendMail(</a> @_, 'additional-parameter' ); }</span>
<span class="line" lang="cisco_ios"><span class="k ContentPasted4"> </AuthBy></span></span>
</pre>
<pre class="code highlight" lang="perl"><span data-testid="content" class="line" lang="perl"><span class="hljs-function"><span class="hljs-keyword ContentPasted5">
sub</span><span class="hljs-function ContentPasted5"> </span><span class="hljs-title ContentPasted5">sendMail</span><span class="hljs-function ContentPasted5"> </span></span><span class="ContentPasted5">{</span></span>
<span data-testid="content" class="line" lang="perl"><span class="ContentPasted5"> </span><span class="hljs-keyword ContentPasted5">my</span><span class="ContentPasted5"> </span><span class="ContentPasted5">(</span><span class="ContentPasted5">$self</span><span class="ContentPasted5">, </span><span class="ContentPasted5">$user</span><span class="ContentPasted5">, </span><span class="ContentPasted5">$p</span><span class="ContentPasted5">, </span><span class="ContentPasted5">$context</span><span class="ContentPasted5">, </span><span class="ContentPasted5">$customer</span><span class="ContentPasted5">) </span><span class="ContentPasted5">= </span><span class="ContentPasted5">@_</span><span class="ContentPasted5">;</span></span>
</pre>
....<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<code><span class="ContentPasted3"> $p</span><span
class="ContentPasted3">->{rp}</span><span
class="ContentPasted3">-</span><span class="ContentPasted3">></span><span
class="ContentPasted3">addAttrByNum</span><span
class="ContentPasted3">(</span><span class="ContentPasted3">$<a class="moz-txt-link-freetext" href="Radius::Radius::STATE">Radius::Radius::STATE</a></span><span
class="ContentPasted3">,
</span><span class="hljs-string ContentPasted3">"otp-email-challenge"</span><span
class="ContentPasted3">)</span><span class="ContentPasted3">;</span></code></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
}<br>
</div>
<div class="elementToProof">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div>Best regards, Alex</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>