2FA Challenge via Proxy Realm with valid State
billnoyce75 at gmail.com
Wed Feb 12 16:47:21 CET 2020
I was hoping to follow the clearly written Wiki article:
My problem is that the 2FA Radius Proxy used to verify the OTP requires a
valid State value, so currently the login process is a 3 step process! I
have allowed State in the Pre-Proxy Attributes filter.
So the current flow is:
1) Username/Password request via AD LDAP
2) Unsuccessful OTP request with invalid State value ( returns valid State
value from the remote OTP Radius server )
3) Successful OTP request
Anyone able to suggest how I go about getting a valid State value from the
OTP radius during the first Access-Request so that the
first Access-Challenge response contains this valid State value?
More information about the Freeradius-Users