Add support for the Chargeable-User-Identity RADIUS AVP

  • 2
  • Idea
  • Updated 5 years ago
This is a feature request for all educational customers who are part of the eduroam federation. (The business case for doing this would be differentiation from competitors and better integration to help drive sales in to Universities that have eduroam deployed worldwide.)

At present, HiveOS / HiveManager does not support the Chargeable-User-Identity RADIUS AVP.

It would be great if Aerohive would consider adding support for this attribute and adding new a new table column to Active Clients, Wireless Client and Wired Clients in HiveManager to display it.

By adding support, this would ideally mean that HiveOS would also account with the attribute.

Additionally, where a Chargeable-User-Identity is returned by a RADIUS server, it should override and usurp the User-Name AVP as the identity within HiveOS / HiveManager used to uniquely identify a discrete user among multiple device's connections. (For example the, features that add application visibility and control.)

At present, only the User-Name is shown and this is inherently flawed as you will frequently only see anonymous@realm, duplicated for many users, garbage or a spoofed identity due to HiveOS only being privy to the EAPOL supplied outer identity. (The RADIUS server has no opportunity to return the EAP inner-identity in the User-Name AVP as it is never privy to it as the request is sent on to a proxy.)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes

Posted 5 years ago

  • 2

There are no replies.