FreeRADIUS
FreeRADIUS copied to clipboard
privacyidea
Add Push Token Functionality
- added push token compatibility
- new configuration values added to poll for challenges, and authenticate with administrative/service account
- Note: RADIUS client timeout must be set to a value higher than the privacyIDEA challenge timeout for proper functionality
Closes #38
Sorry for missing any response.
@droobah So you are polling in the RADIUS response. How did you handle timeouts? Usually RADIUS timeouts are rather short like 5 seconds.
We had to change the timeout on all systems connecting to the RADIUS server.
The only other way I could see to do it would be to send back a fake challenge to request the user to accept it on the device and then type in “1111” or some arbitrary value to continue.
The arbitrary value would be necessary as the majority of interfaces utilizing RADIUS do not allow an empty response.
I don’t feel either method is perfect.
We added a push_wait policy, maybe after your PR here. Actually privacyIDEA waits with the response to the RADIUS server. Maybe you also want to take a look into this?
The problem is that the out of band auth with push can not work well with a protocol like RADIUS.
Thanks for your PR anyways. We can not promise to look into it very soon.
Yeah, this PR was done before the push_wait was added to privacyIDEA. You've also added another method of polling since then, so this PR is most likely obsolete and definitely out of date from the current release.