Why? If the front end authenticates the user, the back end can just assume that the user has been authenticated. It doesn't need to re-authenticate the user.
Alan DeKok.
Let me explain the configuration. Old configuration : Cisco ISE with RADIUS server which returns to client Cisco-AVPair for authorization by domain login/password. What I want: Add FreeRADIUS server for mfa authentication. The first attempt: Add FreeRADIUS (3.0.27) as proxy (frontend) (which should provide mfa authentication) to Cisco ISE (backend) which should still return Cisco-AVPair for authorization by domain login/password. Obstacles : It seems FreeRADIUS proxies request after authorization section and skips authentications section. So is it possible to implement such a configuration or should I think about a different approach ? Regards, Andrei