privacyidea / FreeRADIUS

Add two factor authentication to FreeRADIUS via privacyIDEA
GNU General Public License v2.0

Is there a format definition of the state attribute? #65

Open tomtomgelb opened 1 year ago

tomtomgelb commented 1 year ago

Hi Cornelinux,

thanks for the good work so far.

We set up privacyIDEA with the privacyIDEA plugin for FreeRADIUS and implemented a server which does PAP for a VPN service in the first step. When successful, a 16-byte State is randomly generated and the Access-Request is answered with an Access-Challenge asking for an OTP. In the second step, the State signals to FreeRADIUS that PAP was OK in the first step and that an OTP should be forwarded to this Perl plugin. Within your plugin, the State attribute is added to the urlparams and sent to the privacyIDEA HTTPS service. Is there any format definition of a usable State, because the web API answers "wrong otp pin" unless I skip adding the State attribute in your code? Is the State attribute needed at all?

Our config of the State:

    State := "%{randstr:aaaaaaaaaaaaaaaa}"

Sample State:

    perl: $RAD_REQUEST{'State'} = &request:State -> '0x6a563250693043544552357451426a6a'
    [...]
    rlm_perl: RAD_REQUEST: State = 0x6a563250693043544552357451426a6a
    [...]
    rlm_perl: state sent to privacyidea: jV2Pi0CTER5tQBjj
    [...]
    rlm_perl: urlparam state = jV2Pi0CTER5tQBjj

Your code:

    $params{'state'} = pack 'H*', $hexState;

Regards, Thomas

PS: RFC 2865 section 5.24 does not define the length of State either: https://www.rfc-editor.org/rfc/rfc2865#section-5.24
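
The conversion described in the post above, from the State as rlm_perl logs it to the value that ends up in the `state` URL parameter, written out as an added example (not part of the original post and not the plugin's own code). The helper names `state_to_octets` and `form_encode` are hypothetical, the inputs are constructed apart from the State quoted in the post, and percent-encoding per RFC 3986 is an assumption about how the parameter is transported.

```perl
#!/usr/bin/perl
# Added example, not code from the privacyIDEA FreeRADIUS plugin.
use strict;
use warnings;

# RFC 2865 treats State as an opaque octet string. The one-octet attribute
# Length field (>= 3, at most 255) leaves 1..253 octets for the value.
my $MAX_STATE_OCTETS = 253;

# Hypothetical helper: turn the State as rlm_perl logs it ("0x" + hex digits)
# into raw octets, the same conversion as the quoted pack 'H*' line.
sub state_to_octets {
    my ($state) = @_;
    my $hex = $state;
    return unless $hex =~ s/^0x//i;                       # needs the 0x prefix
    return unless $hex =~ /\A(?:[0-9a-fA-F]{2})+\z/;      # whole octets only
    my $octets = pack 'H*', $hex;
    return if length($octets) > $MAX_STATE_OCTETS;
    return $octets;
}

# Hypothetical helper: percent-encode octets for use as a URL parameter value.
# Assumption: only RFC 3986 unreserved characters are left unescaped.
sub form_encode {
    my ($octets) = @_;
    (my $enc = $octets) =~ s/([^A-Za-z0-9\-_.~])/sprintf('%%%02X', ord($1))/ge;
    return $enc;
}

# Constructed inputs: the State from the post, a State with non-printable
# octets (legal in RADIUS), and two malformed values.
for my $state ('0x6a563250693043544552357451426a6a', '0x00ff10a7', '0x6a5', 'jV2P') {
    my $octets = state_to_octets($state);
    if (!defined $octets) {
        print "$state -> rejected\n";
        next;
    }
    printf "%s -> %d octets, state=%s\n",
        $state, length($octets), form_encode($octets);
}
```

The State from the post decodes to 16 printable octets, so it passes through unchanged; a State containing arbitrary octets only survives the trip as a parameter if it is escaped on the way out.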