You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We setup privacyIDEA with the privacyIDEA plugin for FreeRADIUS and implemented a server which does PAP for a VPN service in the first step. When successful a 16 Byte State is randomly generated and the access-request is answered with an access-challenge asking for an OTP. In the second step the State signals FreeRADIUS that PAP was ok in first step and an OTP should be forwarded to this perl plugin.
Within your plugin the State attribute is added to the urlparams and sent to the privacyIDEA https service.
Is there any format definition of a usable State, because the web api answers "wrong otp pin" unless I skip adding the State attribute in your code?
Is the State attribute needed at all?
our config of the State:
State := "%{randstr:aaaaaaaaaaaaaaaa}"
sample State:
perl: $RAD_REQUEST{'State'} = &request:State -> '0x6a563250693043544552357451426a6a'
[...]
rlm_perl: RAD_REQUEST: State = 0x6a563250693043544552357451426a6a
[...]
rlm_perl: state sent to privacyidea: jV2Pi0CTER5tQBjj
[...]
rlm_perl: urlparam state = jV2Pi0CTER5tQBjj
your code:
$params{'state'} = pack 'H*', $hexState;
Hi Cornelinux,
thanks for the good work so far.
We setup privacyIDEA with the privacyIDEA plugin for FreeRADIUS and implemented a server which does PAP for a VPN service in the first step. When successful a 16 Byte State is randomly generated and the access-request is answered with an access-challenge asking for an OTP. In the second step the State signals FreeRADIUS that PAP was ok in first step and an OTP should be forwarded to this perl plugin.
Within your plugin the State attribute is added to the urlparams and sent to the privacyIDEA https service.
Is there any format definition of a usable State, because the web api answers "wrong otp pin" unless I skip adding the State attribute in your code?
Is the State attribute needed at all?
our config of the State:
State := "%{randstr:aaaaaaaaaaaaaaaa}"
sample State:
perl: $RAD_REQUEST{'State'} = &request:State -> '0x6a563250693043544552357451426a6a'
[...]
rlm_perl: RAD_REQUEST: State = 0x6a563250693043544552357451426a6a
[...]
rlm_perl: state sent to privacyidea: jV2Pi0CTER5tQBjj
[...]
rlm_perl: urlparam state = jV2Pi0CTER5tQBjj
your code:
$params{'state'} = pack 'H*', $hexState;
Regards, Thomas
ps. RFC2865 5.24 does not define the length of state either
https://www.rfc-editor.org/rfc/rfc2865#section-5.24
The text was updated successfully, but these errors were encountered: