Creating Realm Selection Scripts
This chapter describes developing realm selection scripts that execute built-in methods or more advanced script logic to authenticate requests. This chapter contains these topics:
Steel-Belted Radius Carrier executes built-in or scripted realm selection methods to determine the authentication realm for processing a request. For built-in methods, you specify the methods and their order of execution in the [Processing] section of the proxy.ini configuration file. You specify matching rules in the [Realms] and [Directed] sections. For more information about the proxy.ini configuration file, see the section on Realm Configuration Files in the SBR Carrier Reference Guide.
You can also specify a realm selection script for the inner authentication setting of tunneled authentication methods using Web GUI.
Realm selection scripts are useful when your realm selection strategy is too complex to be implemented using basic matching rules. Realm selection scripts can perform any of these actions:
Retrieve RADIUS request attribute and process their values.
Execute program logic to determine the realm name.
Execute built-in Steel-Belted Radius Carrier realm selection methods.
Invoke SQL queries and LDAP searches, and process the results.
Specify a profile to be merged with the response.
Change the authentication username.