Forum Discussion
Stanislas_Piro2
Sep 25, 2018Cumulonimbus
I hope you don't want to authenticate user in subroutine with password entered in per session policy!
If this is the requirement, authenticate the user in per session policy, but delete successful branch... with this, the variable session.radius.last.result will contain the authentication result.
then in subroutine, check if the authentication succeeded with a empty box and a branch expression :
expr { [mcget {session.radius.last.result}] == 1 }
Imagine if the user entered a one time password and browse the website before match subroutine condition, the password may have been expired when subroutine is evaluated.
Another behavior can be a password changed during this time (AD password, ...)