FreeRADIUS with custom multi-factor authentication

Alex Perez-Mendez Alex.Perez-Mendez at jisc.ac.uk
Thu Feb 14 19:27:36 CET 2019



On 14/2/19 at 18:46, Alan DeKok wrote:
> On Feb 14, 2019, at 11:33 AM, Clint Lord <clint at voodoocube.com> wrote:
>> Thank you for your guidance, that provided us the high level direction we were looking for.
>    That's good.
>
>> The complexity of the web services we are using for username/password validation and MFA processing leads us to believe we need to use rlm_python to write the authorize method.  However we're not finding any documentation that tells us how to create access challenges or manage state from within our python code.  We are basically looking for the list of the objects and APIs that are available to us when we are writing the authorize method in python.
>    You can return different values from python, and then key off of that:
>
> 	python
> 	if (user ock) {
> 		challenge
> 		return
> 	}
>
>    As of 3.0.17 (I think) all of the lists are available to the Python module.  So you can do whatever you want, keep state in "session-state", and it should all just work.

As of 3.0.17 all of the lists are available to the Python module as an 
input (you need to explicitly activate it using the "pass_all_vps" 
option). That will pass a tuple of (request, reply, config, state, 
proxy_req, proxy_reply) instead of just request. However, for 3.0.17 you 
can only make updates to the "reply" and "config" lists.

As of 3.0.18 (soon to be released) we've included a dict-based in/out 
interface (using the "pass_all_vps_dict" option) that should make things 
simpler, as well as provide access to read and update all the lists.

Please refer to 
https://github.com/alejandro-perez/freeradius-server/blob/v3.0.x/src/modules/rlm_python/example.py#L55 
for a more detailed example.

Best,

-- 
Alejandro Perez-Mendez
Technical Specialist (AAA), Trust & Identity
M (+34) 619 333 219
Skype alejandro_perez_mendez
jisc.ac.uk
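
An added example (not code from this thread or from the FreeRADIUS tree) of an authorize function written against the "pass_all_vps" tuple described above, under the 3.0.17 restriction that Python can only update the reply and config lists. Assumptions: the USERS table is constructed sample data, Tmp-String-0 is used as a marker only for this example, and the surrounding unlang is assumed to copy that marker into session-state and send the challenge when the module returns updated.

```python
import hmac

try:
    import radiusd  # provided by FreeRADIUS when rlm_python loads this file
except ImportError:  # offline run: stand-in carrying the same rcode values
    class radiusd:
        RLM_MODULE_REJECT, RLM_MODULE_OK, RLM_MODULE_UPDATED = 0, 2, 8

# Constructed sample data standing in for the site's web services.
USERS = {"alice": {"password": "correct horse", "otp": "492817"}}
PENDING = "Tmp-String-0"  # marker attribute chosen for this example

def _get(pairs, name):
    """First value of attribute `name` in a tuple of (name, value) pairs."""
    return next((v for n, v in (pairs or ()) if n == name), None)

def _same(a, b):
    """Constant-time comparison that treats a missing value as empty."""
    return hmac.compare_digest((a or "").encode(), (b or "").encode())

def authorize(p):
    # With pass_all_vps the argument is six lists, not just the request.
    request, reply, config, state, proxy_req, proxy_reply = p
    user = _get(request, "User-Name")
    secret = _get(request, "User-Password")
    account = USERS.get(user)
    if account is None:
        return radiusd.RLM_MODULE_REJECT

    pending_for = _get(state, PENDING)
    if pending_for is None:
        # Round 1: no marker in session-state yet, so check the password.
        if not _same(secret, account["password"]):
            return radiusd.RLM_MODULE_REJECT
        # Only reply and config are writable in 3.0.17, so the marker is
        # returned in config; unlang keyed on "updated" has to move it
        # into session-state and issue the Access-Challenge.
        return (radiusd.RLM_MODULE_UPDATED,
                (("Reply-Message", "Enter your one-time code"),),
                ((PENDING, user),))

    # Round 2: the marker must belong to the same user, otherwise a state
    # obtained with one account could be replayed to skip another
    # account's password check.
    if not _same(pending_for, user):
        return radiusd.RLM_MODULE_REJECT
    if not _same(secret, account["otp"]):
        return radiusd.RLM_MODULE_REJECT
    return radiusd.RLM_MODULE_OK
```
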