FirePass VPN: "STATE" attribute issue with second factor authentication (Access-Challenge mode)
When Validation Server is running in Access-Challenge mode, it validates the username, password sent in the first radius request. If the provided username, password provided in the first radius request is valid, then radius access challenge will be thrown to the client. Radius Access challenge message will have ‘STATE’ attribute as per RFC.
When client responds to radius Access-Challenge, it should include the “STATE” attribute value which it received in Access Challenge message.
Current firepass vpn is not including the “STATE” attribute in second radius request which is it received as part of radius Access-Challenge packet.
Because of this Validation Server is treating the second radius request as one having username and LDAP password.
Has anyone observed this issue earlier? Is there any solution for this?
Please reply back ASAP.