Regarding providing Custom TOTP MFA in freeradius
Alan DeKok
aland at deployingradius.com
Tue Apr 2 13:39:49 UTC 2024
On Apr 2, 2024, at 2:06 AM, Dineshkumar pachamuthu <dineshkumar.pachamuthu at gmail.com> wrote:
> I have recently been working and developing with the FreeRADIUS EAP protocol. I need to send an Access-Challenge request with State and Reply-Message "Enter TOTP" inside the inner-tunnel of the EAP-TTLS/PAP protocol, which will prompt the user to enter a TOTP and send the Access-Request again, and will then process and authenticate the user for MFA.
>
> I have gone through this solution inside the authorize section of inner-tunnel, but the EAP module sends an Access-Reject when I make this change. Please guide me in the proper direction on how to achieve this in our environment.
There is no mechanism in the EAP-TTLS protocol where you can send an Access-Challenge back to the end user device. Even if you sent a Reply-Message to it inside of the TTLS tunnel, the end user device would ignore it.
No EAP-TTLS supplicant supports prompting users with a challenge.
Alan DeKok.