On May 7, 2020, at 2:17 PM, Michael A Carpenter - macarpen@us.ibm.com <macarpen@us.ibm.com> wrote:
I'm trying to return the Vendor-Specific attribute with value "H=4,I=4" using the rlm_rest module. I've tried the following authorization response payloads:
{"Attr-26": "0x483d342c493d34"}
{"Vendor-Specific": "H=4,I=4"}
Both resulted in error:
Please don't do that. It's terrible. If you need that in order to interoperate with an idiot vendor, fine. But if you're doing something yourself, this is 1000% the wrong thing to do. You *cannot* and *should not* specify values for the Vendor-Specific attribute. That attribute does not have values like other attributes. Instead, it carries a 32-bit vendor number, followed by encapsulated vendor attributes. So... why are you doing this?
Any suggestions for what might be incompatible about the value?
It fails to follow the RFCs. See https://tools.ietf.org/html/rfc8044#section-3.14 Which defines the "vsa" data type, for the Vendor-Specific attribute. As the author of that specification, I feel uniquely qualified to say that your usage of Vendor-Specific is wrong. :) Alan DeKok.