Some applications or services that wish to use a Moonshot RP Proxy as their gateway to the world of Moonshot may require some custom configuration in the Moonshot RP Proxy's configuration files.
2. Modifying the returned RADIUS reply
FreeRADIUS allows the RADIUS reply returned from the Moonshot IdP to be modified by adding or removing attributes, transforming attributes or reusing attributes to create new ones. The file to typically modify is the
The location of FreeRADIUS'
abfab-tr-idp file will differ depending on the distribution that you installed it on.
- On Debian, this will be /etc/freeradius/sites-available/abfab-tr-idp
- On RHEL/CentOS/SL, this will be /etc/raddb/sites-available/abfab-tr-idp
This assumes you installed as a package - if you built it by hand, it'll be wherever you configured it to live.
2.1. Adding the User-Name attribute
User-Name attribute is generally removed by the IdP from a response it sends. However, in some instances, services (like the Apache HTTPD) are more easily configured by passing the
User-Name attribute along to pass into environment variables or other Apache attributes.
As an example, if you wanted to use the Moonshot-Host-TargetedId returned by a Moonshot IdP as a user name in a system, you can simply do the following in the
post-auth section of the
The above assumes that you will want to overwrite any existing value in
User-Name. If you want to only set it if it does not exist, use the
= operator instead of