Closed cornelinux closed 4 years ago
In the PR i get such a response:
Sent Access-Request Id 2 from 0.0.0.0:40178 to 127.0.0.1:1812 length 44
User-Name = "hans"
User-Password = "hans"
Cleartext-Password = "hans"
Received Access-Accept Id 2 from 127.0.0.1:1812 to 0.0.0.0:0 length 98
Filter-Id = "matching 1 tokens"
Filter-Id = "otplen=6"
Class = 0x504953503030303145393838
Class = 0x7370617373
Reply-Message = "privacyIDEA access granted"
from an rlm_perl.ini configuration like this:
[Default]
URL = https://localhost/validate/check
SSL_CHECK = false
[Mapping]
serial = Class
type = Class
[Attribute Filter-Id]
radiusAttribute = Filter-Id
userAttribute = message
regex = (.*)
[Attribute 2]
radiusAttribute = Filter-Id
userAttribute = otplen
regex = (.*)
prefix = otplen=
and an HTTP response like this:
detail |
message | "matching 1 tokens"
otplen | 6
serial | "PISP0001E988"
threadid | 140401754359552
type | "spass"
(I think this is rather cool ;-)
We can now do attribute matching to allow multiple RADIUS attributes in the response like several Class attributes, that are usually used for putting users into groups.
rlm_perl expects multiple attributes to be returned in an array.
Closes #40