search

jimdigriz / freeradius-oauth2-perl

FreeRADIUS OAuth2 (OpenID Connect) using rlm_perl
GNU Affero General Public License v3.0
129 stars 35 forks source link

freeradius-oauth2-perl with NAC Alcasar #29

Closed scoude closed 1 year ago

scoude commented 1 year ago

Hi, I don't think this is a bug, but I can't understand why the module doesn't seem to take into account my "realm" with the freeradius 3.0.22 used in the NAC Alcasar (https://alcasar.net /). In debug mode, the module seems to be loaded:

/usr/sbin/radiusd -Xd /etc/raddb/ | grep oauth2
including configuration file /etc/raddb//mods-enabled/oauth2
including configuration file /etc/raddb//policy.d/oauth2
  # Creating Auth-Type = oauth2
   # Loading module "oauth2_perl" from file /etc/raddb//mods-enabled/oauth2
   perl oauth2_perl {
         filename = "/opt/freeradius-oauth2-perl/main.pm"
   # Loading module "oauth2_cache" from file /etc/raddb//mods-enabled/oauth2
   cache oauth2_cache {
   # Instantiating module "oauth2_perl" from file /etc/raddb//mods-enabled/oauth2
rlm_perl:********************************************* oauth2 global* ************************************************** *
   # Instantiating module "oauth2_cache" from file /etc/raddb//mods-enabled/oauth2
rlm_cache (oauth2_cache): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
Compiling Auth-Type oauth2 for attr Auth-Type

But at the time of the test, here is what it gives:

> (0) policy oauth2.authorize {
> (0) if (&Realm && &User-Password && "%{config:realm[%{Realm}].oauth2.discovery}") {
> (0) if (&Realm && &User-Password && "%{config:realm[%{Realm}].oauth2.discovery}") -> FALSE
> (0) } # policy oauth2.authorize = noop

I tested the installation of the module on a Debian 11 machine with freeradius, it works well, I authenticate well with an email and a password on Office365! I took the same configurations in the Alcasar freeradius but it doesn't seem to "hang" my "realm"! Help please!

keitatie commented 1 year ago

Hello, I hope you are well. Have you found a solution to this problem? I have the same problem as you.

Thank you in advance for your help.

jimdigriz commented 1 year ago

There is not enough debugging to work from here, I am not really sure what I am expected to do?

As described in the 'support' section I need the output of freeradius -X not just the bits you think are important.

Sorry, going to close this as there is not enough to work on to help.

Do re-open the ticket if you have debugging logs to offer.