Default Reject, Accept if member of group #652
Comments
|
If someone could just point me to the part of the code where the group membership check happens, I'm sure I can do this myself. If there is also a place where I could put a checkbox to enable or disable my modification, I can add that too. |
|
@clstrickland I wonder did you find workaround for it? we are having same exact issue. |
I found where the default decision is made in the source code. I need to look into adding a gui option to change it. If someone could help with that I'd appreciate it. It is line 111 in keycloak-plugins\radius-plugin\src\main\java\com\github\vzakharchenko\radius\radius\handlers\attributes\AbstractKeycloakAttributes.java |
|
Thank you for reply, unfortunately not capable enough to help on this. |
|
One possible workaround, I found, is to evaluate the permission on the RADIUS client side: You assign a custom attribute to a certain user role, and configure the RADIUS client so that this attribute is required. For example, I am using RADIUS to authenticate VPN users on Mikrotik router. I created a |
Is your feature request related to a problem? Please describe.
I have multiple groups. For this, I only worry about "WiFi" and "VPN". In my domain, there are some accounts that shouldn't have access to any networking, some that should have WiFi but not VPN, and some that have both.
Describe the solution you'd like
I would like to have groups like so:
Connect-Infoattribute)Connect-Info == "WiFi"Connect-Info == "VPN"Connect-Info == "WiFi" or "VPN"Describe alternatives you've considered
I have tried every combination of
REJECT_RADIUS,REJECT_Connect-Info, andACCEPT_Connect-Infothat I can think of, but I cannot get this behavior working. I cannot seem to handle the case of users who have no membership (users who do not have access to anything).The text was updated successfully, but these errors were encountered: