TLS Client Certificate Attributes with proxy
jhbulk75
jhbulk75 at gmail.com
Tue Apr 22 15:59:01 UTC 2025
We use the rest module to call our backend server during post-auth for
additional processing. When the request is locally terminated EAP-TLS, the
request attribute list contains all of the TLS certificate attributes. We
have a feature request that requires access to one of these TLS client cert
attributes in post-auth (TLS-Client-Cert-Subject-Alt-Name-Uri).
When the request is proxied this information is not available in post-auth.
Does this mean it's not possible to see this data in a proxy configuration?
Or does FreeRADIUS just not provide it because the eap module was not
called.
In other words, in lieu of FR not providing this for us, could EAP-Message
be parsed to manually extract this data? Or is the information simply not
there? We're trying to determine if this is still a viable option in a
proxy environment.
Thanks for any insights.
More information about the Freeradius-Users
mailing list