Hi Arran, Try as I might, I couldn't figure out where to put this successfully in sites-enabled/default:
rest { updated = 1 } if (updated) { ok }
What I ended up trying (and what worked for me) was that I modified rlm_rest.c to return 'ok' even in the presence of a body during the 'authenticate' phase: diff --git a/src/modules/rlm_rest/rlm_rest.c b/src/modules/rlm_rest/rlm_rest.c index 7cd1b45..2d9a033 100644 --- a/src/modules/rlm_rest/rlm_rest.c +++ b/src/modules/rlm_rest/rlm_rest.c @@ -513,7 +513,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re ret = rest_response_decode(inst, section, request, handle); if (ret < 0) rcode = RLM_MODULE_FAIL; else if (ret == 0) rcode = RLM_MODULE_OK; - else rcode = RLM_MODULE_UPDATED; + else rcode = RLM_MODULE_OK; break; } else if (hcode < 500) { rcode = RLM_MODULE_INVALID; This is the only change I needed to have my scenario working. Indeed, the Filter-ID attribute is retrieved from the JSON payload of the HTTP response and is automatically appended to the returned Access-Accept message, as I needed it to be. Since I'm OK with having a modified rlm_rest module this appears the simplest way for me to get the required behavior in my situation. Thanks, -Martin