Configure this rule to obtain the user name or the chain short name from user-specified details in the RADIUS client. The details obtained from the RADIUS client are sent to the RADIUS server for validating users. To enable the RADIUS client to select a specific chain for authenticating a user based on the obtained chain short name, use this rule along with the Chain selection rule.
To configure the input rule, perform the following steps:
Navigate to Policies > RADIUS Options.
Click Add in the Input rules section.
Specify the following details based on your requirement:
Target-Input-Attribute: Specify the attribute or variable that carries the user specified data to the RADIUS server in the Access-Request packet.
Source-Input-Attribute: Specify the attribute that stores the user-specified details.
Regular expression: Specify the condition to obtain user-specified details.
Result specification
Comment: If any.
Click OK.
Example 1: You can define the input rule as follows to obtain chain short name from user specified <username>&<short-chain-name> in the Username while logging in to the RADIUS client:
Target-Input-Attribute: chain_name
Source-Input-Attribute: User-Name
Regular expression: (.+)&(.+)
Result specification: Extract chain from User-Name and put into "chain_name" variable
After you configure, the rule looks as follows:
chain_name / User-Name / (.+)&(.+) / {2}
Example 2: You can define the following input rules to achieve the following:
Rule 1: To extract the password and set to the variable, User-Password:
Target-Input-Attribute: User-Password
Source-Input-Attribute: User-Password
Regular expression: (.*)(.{6})
Result specification: {1}
Rule 2: To extract the six digits OTP from password and set to the variable, User-OTP:
Target-Input-Attribute: User-OTP
Source-Input-Attribute: User-Password
Result specification: {2}
After you configure, the rules are displayed as follows:
User-Password / User-Password / (.*)(.{6}) / {1}
User-OTP / User-Password / (.*)(.{6}) / {2}