On 25/02/16 13:22, Christian Strauf wrote:
Hi Paul,
The cached inner user-name is precisely the bit of information we're struggling to obtain :( yes, I was referring to the Jonathan's approach to introduce a separate RADIUS attribute e.g. "Inner-Tunnel-User-Name" or something similar that you could set with the inner user name during the authentication process. That together with CoA very likely solves your problem.
Yes, I introduced a new attribute Inner-User-Name and I am setting a value in the inner tunnel server. However, this does not get saved to the SSL/TLS cache so when there is an authentication for a resumed session, we can't access that attribute. I'm trying to figure out how to cache other stuff with the TLS attributes that can be pulled back later on. Thanks, Jonathan