We use the rest module to call our backend server during post-auth for additional processing. When the request is locally terminated EAP-TLS, the request attribute list contains all of the TLS certificate attributes. We have a feature request that requires access to one of these TLS client cert attributes in post-auth (TLS-Client-Cert-Subject-Alt-Name-Uri). When the request is proxied this information is not available in post-auth. Does this mean it's not possible to see this data in a proxy configuration? Or does FreeRADIUS just not provide it because the eap module was not called. In other words, in lieu of FR not providing this for us, could EAP-Message be parsed to manually extract this data? Or is the information simply not there? We're trying to determine if this is still a viable option in a proxy environment. Thanks for any insights.