Add Push Token Functionality #28
Conversation
- added push token compatibility - Note: RADIUS client timeout must be set to a value higher than the privacyIDEA challenge timeout
|
Sorry for missing any response. @droobah So you are polling in the RADIUS response. How did you handle timeouts? |
|
We had to change the timeout on all systems connecting to the RADIUS server. The only other way I could see to do it would be to send back a fake challenge to request the user to accept it on the device and then type in “1111” or some arbitrary value to continue. The arbitrary value would be necessary as the majority of interfaces utilizing RADIUS do not allow an empty response. I don’t feel either method is perfect. |
|
We added a push_wait policy, maybe after your PR here. The problem is that the out of band auth with push can not work well with a protocol like RADIUS. Thanks for your PR anyways. We can not promise to look into it very soon. |
|
Yeah, this PR was done before the push_wait was added to privacyIDEA. You've also added another method of polling since then, so this PR is most likely obsolete and definitely out of date from the current release. |
|
However, it is a good starting point :-) |
| my $continue_poll = true; | ||
| my $challenge_found = false; | ||
| do { | ||
| sleep(5); |
There was a problem hiding this comment.
You are blocking the RADIUS request in the freeradius server.
So the VPN is still waiting for a RADIUS response from the RADIUS server and the UDP request will soon time out.
How would this be better than having privacyIDEA itself using push_wait?
Closes #38