Is it possible to use the realm that is sent as a request as part of role mapping or attribute mapping?
We have a legacy RADIUS configuration that uses a format of:
username@role
to determine the specified role that the user is requesting. This allows an end-user to specify the desired role as part of the request (i.e. user@guest, user@staff). I could create a separate service/role mapping for every role, but we have about 140 roles that need to be mapped. Ideally I would like to be able to use a single service/policy that does the equivalent of:
1. User authenticates with: $user@$role
2. Authenticate $user
3. If $role in User "Groups" attributes, grant access AND return "Class=$role", else Deny
Any ideas of how to implement this in a single service? Thanks.
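The three-step decision described in the question, written out as an added example that is not part of the original post and is not configuration for any particular RADIUS product. The directory contents, the `authenticate` callback, the role character set and the case-insensitive role match are all assumptions made for illustration.

```python
import re

# Constructed sample directory: user -> values of the "Groups" attribute.
USER_GROUPS = {
    "alice": ["staff", "guest"],
    "bob": ["guest"],
}

# Assumed role syntax; anything else is rejected before it can reach a reply attribute.
ROLE_RE = re.compile(r"[a-z0-9_-]{1,64}")


def split_identity(identity):
    """Step 1: split '$user@$role' on the LAST '@'.

    Returns (user, role) with the role lower-cased, or None when the
    realm part is missing, empty or outside the assumed role syntax.
    """
    user, sep, role = identity.rpartition("@")
    role = role.lower()
    if not sep or not user or not ROLE_RE.fullmatch(role):
        return None
    return user, role


def authorize(identity, authenticate, directory=USER_GROUPS):
    """Return (decision, reply_attributes) for one request.

    `authenticate` is a hypothetical callback taking the bare user name
    and returning True when the credential check succeeded.
    """
    parsed = split_identity(identity)
    if parsed is None:
        return "Access-Reject", {}
    user, role = parsed

    # Step 2: authenticate $user only, never the user@role string.
    if not authenticate(user):
        return "Access-Reject", {}

    # Step 3: the requested role is only a request; the server-side
    # Groups list decides. Class carries the directory's own spelling.
    groups = {g.lower(): g for g in directory.get(user, [])}
    if role in groups:
        return "Access-Accept", {"Class": groups[role]}
    return "Access-Reject", {}
```

Because the split is on the last `@`, an identity such as `bob@guest@staff` is looked up as user `bob@guest`, which is not in the directory, and is rejected.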