Vendor-Specific attribute with rlm_rest
Alan DeKok
aland at deployingradius.com
Thu May 7 20:45:09 CEST 2020
> On May 7, 2020, at 2:17 PM, Michael A Carpenter - macarpen at us.ibm.com <macarpen at us.ibm.com> wrote:
>
> I'm trying to return the Vendor-Specific attribute with value "H=4,I=4" using the rlm_rest module. I've tried the following authorization response payloads:
>
> {"Attr-26": "0x483d342c493d34"}
>
> {"Vendor-Specific": "H=4,I=4"}
>
> Both resulted in error:
Please don't do that. It's terrible. If you need that in order to interoperate with an idiot vendor, fine. But if you're doing something yourself, this is 1000% the wrong thing to do.
You *cannot* and *should not* specify values for the Vendor-Specific attribute. That attribute does not have values like other attributes. Instead, it carries a 32-bit vendor number, followed by encapsulated vendor attributes.
So... why are you doing this?
> Any suggestions for what might be incompatible about the value?
It fails to follow the RFCs. See
https://tools.ietf.org/html/rfc8044#section-3.14
Which defines the "vsa" data type, for the Vendor-Specific attribute.
As the author of that specification, I feel uniquely qualified to say that your usage of Vendor-Specific is wrong. :)
Alan DeKok.
More information about the Freeradius-Users
mailing list