From my tests the conclusion is as follows:
- authentication text method is as follows :
- User gets redirected to external page
- External page sends back to the iAP only a POST entry with text : "authenticated"
- radius authentication as follows:
- User gets redirected to external page
- external page returns the username and password and other hidden attributes to the iAP
- iAP checks the information against the RADIUS server configured
- based on the check the client would get in post auth role
- if you are using the "role based auth" then based on the answer back from your RADIUS you could have triggers to select other post auth roles.