Problem : The NPS server is not setting the RADIUS attributes if radius challenge-response is used by my custom NPS extension to additionally verify the user. RADIUS auth protocol used is PAP.
My logic for challenge verification :
- During repAuthorization extension point, rcAccessChallenge response code will be set along with a state.
- During the next repAuthentication point, based on the state, challenge value will be verified and rcAccessAccept response code will be set.
As per Azure MFA NPS extension documentation when text based MFA is used, RADIUS attributes won't be forwarded.
Questions
- Is the behavior of NPS server or is there any workaround to achieve this or any development going to overcome this behavior ?
- Also I can see a constant definition "EnforceNetworkPolicyForPAPBasedChallengeResponse" at Authif.h header which seems more like a registry value. Does this has anything to do with the problem or requirement ?