Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is there a format definition of the state attribute? #65

Open
tomtomgelb opened this issue Oct 25, 2023 · 0 comments
Open

Is there a format definition of the state attribute? #65

tomtomgelb opened this issue Oct 25, 2023 · 0 comments

Comments

@tomtomgelb
Copy link

Hi Cornelinux,

thanks for the good work so far.

We setup privacyIDEA with the privacyIDEA plugin for FreeRADIUS and implemented a server which does PAP for a VPN service in the first step. When successful a 16 Byte State is randomly generated and the access-request is answered with an access-challenge asking for an OTP. In the second step the State signals FreeRADIUS that PAP was ok in first step and an OTP should be forwarded to this perl plugin.
Within your plugin the State attribute is added to the urlparams and sent to the privacyIDEA https service.
Is there any format definition of a usable State, because the web api answers "wrong otp pin" unless I skip adding the State attribute in your code?
Is the State attribute needed at all?

our config of the State:
State := "%{randstr:aaaaaaaaaaaaaaaa}"

sample State:
perl: $RAD_REQUEST{'State'} = &request:State -> '0x6a563250693043544552357451426a6a'
[...]
rlm_perl: RAD_REQUEST: State = 0x6a563250693043544552357451426a6a
[...]
rlm_perl: state sent to privacyidea: jV2Pi0CTER5tQBjj
[...]
rlm_perl: urlparam state = jV2Pi0CTER5tQBjj

your code:
$params{'state'} = pack 'H*', $hexState;

Regards, Thomas

ps. RFC2865 5.24 does not define the length of state either
https://www.rfc-editor.org/rfc/rfc2865#section-5.24

@tomtomgelb tomtomgelb changed the title Is there a format definition the state attribute? Is there a format definition of the state attribute? Oct 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant