EAP-PEAP REST Authorize Multiple API Calls
Alan DeKok
aland at deployingradius.com
Wed Jan 9 16:51:46 CET 2019
On Jan 9, 2019, at 10:31 AM, Emile Swarts <emile at madetech.com> wrote:
> I use the rest module to authenticate with a custom API backend with
> EAP-PEAP.
> It works well apart from the fact that each request hits the backend API 3
> times.
With EAP, even the inner tunnel uses multiple round trips, and therefore multiple packets.
> I have no rest calls in my default virtual server, just the inner-tunnel.
>
> Does anyone have any ideas on how to fix this?
Do the REST call only once. :)
But more helpfully, do the rest call only if it wasn't already done. If you're using a recent version of server, you can use the "session-state" list to remember things across multiple packets.
> This is what my inner-tunnel virtual server looks like:
>
> server inner-tunnel {
> authorize {
> filter_username
> rest
Do something like:
if (!session-state.Tmp-String-0) {
rest
update session-state {
Tmp-String-0 := "done rest"
... and copy the attributes returned from rest to session-state!
}
} else {
update control {
... copy REST attributes from session-state to wherever...
}
}
There's a bit of glue to be done, but it should be clear enough.
Alan DeKok.
More information about the Freeradius-Users
mailing list