REST module Access-Reject 401 Reply-Message
Alan DeKok
aland at deployingradius.com
Thu Feb 11 14:57:28 CET 2021
On Feb 11, 2021, at 6:33 AM, Adrian Smith via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Question regarding the REST module please.
>
> If we return a 401 which gets translated into an Access-Reject, is there any way to pass something back from REST which can be put into the reply message?
Both the 401 and the normal case call rest_response_decode(), which decodes data in the REST reply.
If there's no data in the 401 reply, then the module returns "reject". If there is data in the 401 reply, then it's added to the request (as with normal replies), and then the module returns "fail".
> In our scenario each user can have a maximum number of sessions, and if that limit is reached, we want to pass that specific error back in the Access-Reject.
You should be able to just return data in the 401 reply.
As for the RADIUS side, pretty much the only thing you can put into the Access-Reject is Reply-Message. That might (or might not) get shown to the user.
Alan DeKok.
More information about the Freeradius-Users
mailing list