"Alejandro" == Alejandro Perez Mendez<[email protected]> writes:Alejandro> The problem with this case is that the intermediate proxy Alejandro> will need to perform a conversation with the RADIUS Alejandro> client (i.e. sending Acess-Challenge packets) to obtain Alejandro> all the fragments of the packet. Then, the proxy have to Alejandro> reconstruct the assertion, modify it and then start a new Alejandro> conversation with the RADIUS server sending the new Alejandro> fragments.Alejandro> I think it is possible, but that may be a lot of state to Alejandro> hold for a proxy. I'm confused because I thought the proxy would end up having to first have a conversation with the RADIUS server. Do you have server and client reversed? If not, would you help me better understand what's going on?
My mistake, sorry. I was initially thinking of a client-initiated conversation (e.g. SAML Authn Request). It would be as you say.
Is the proxy's state required any more than the state a server needs to retain for its outstanding fragmented requests?
No, it should be the same. But it would be more than usually required for a proxy (they usually receive, send and forget). Anyway, I'm not sure that is actually a big issue. I was just asking if it was.
Regards, Alejandro
--Sam
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
