I am looking for a case where a RE-AUTH-REQUEST is sent to the NAS with subscriber credentials captured via a web portal (the web-logon case).
From RFC 6733, we have two options in the RE-AUTH-REQUEST-TYPE AVP for the action expected. From my use-case standpoint, I would like to inform the NAS to take an AUTHENTICATE_ONLY action by sending an AA-Request for credential validation.
Since this is not specified as part of this RFC, do you see this as something that needs to be addressed?

RE-AUTH-REQUEST-TYPE AVP

The Re-Auth-Request-Type AVP (AVP Code 285) is of type Enumerated and is included in application-specific auth answers to inform the client of the action expected upon expiration of the Authorization-Lifetime. If the answer message contains an Authorization-Lifetime AVP with a positive value, the Re-Auth-Request-Type AVP MUST be present in an answer message. The following values are defined:

   AUTHORIZE_ONLY 0
      An authorization only re-auth is expected upon expiration of the Authorization-Lifetime. This is the default value if the AVP is not present in answer messages that include the Authorization-Lifetime.

   AUTHORIZE_AUTHENTICATE 1
      An authentication and authorization re-auth is expected upon expiration of the Authorization-Lifetime.
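
How a receiver can apply the quoted text to the AVPs of an answer, as an added example that is not part of the original post or of any Diameter implementation: it parses the standard RFC 6733 AVP header, reads Authorization-Lifetime (AVP Code 291) and Re-Auth-Request-Type (AVP Code 285), and rejects any enumerated value other than the two quoted above. The function names, the `strict` switch and the sample bytes are assumptions made for illustration.

```python
import struct

# AVP codes and enumerated values as given in RFC 6733.
AUTHORIZATION_LIFETIME = 291
RE_AUTH_REQUEST_TYPE = 285
RE_AUTH_TYPES = {0: "AUTHORIZE_ONLY", 1: "AUTHORIZE_AUTHENTICATE"}

def encode_avp(code, value, flags=0x40):
    """Build a 12-byte AVP holding one 32-bit value (M bit set, no Vendor-Id)."""
    return struct.pack("!IB3sI", code, flags, (12).to_bytes(3, "big"), value)

def parse_avps(buf):
    """Walk consecutive AVPs and return {code: data bytes}."""
    avps, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8      # V bit adds a 4-byte Vendor-Id
        if length < hdr or off + length > len(buf):
            raise ValueError(f"bad length {length} in AVP {code}")
        avps[code] = buf[off + hdr:off + length]
        off += (length + 3) & ~3             # AVPs are padded to 32 bits
    return avps

def int32(data, name, fmt):
    """Decode a 4-byte AVP payload, rejecting any other size."""
    if len(data) != 4:
        raise ValueError(f"{name} must carry 4 bytes of data")
    return struct.unpack(fmt, data)[0]

def expected_reauth(answer_avps, strict=False):
    """Action expected at Authorization-Lifetime expiry, or None without a lifetime."""
    avps = parse_avps(answer_avps)
    if AUTHORIZATION_LIFETIME not in avps:
        return None
    lifetime = int32(avps[AUTHORIZATION_LIFETIME], "Authorization-Lifetime", "!I")
    if RE_AUTH_REQUEST_TYPE not in avps:
        if strict and lifetime > 0:
            raise ValueError("positive Authorization-Lifetime without Re-Auth-Request-Type")
        return RE_AUTH_TYPES[0]              # default when the AVP is absent
    value = int32(avps[RE_AUTH_REQUEST_TYPE], "Re-Auth-Request-Type", "!i")
    if value not in RE_AUTH_TYPES:
        raise ValueError(f"undefined Re-Auth-Request-Type value {value}")
    return RE_AUTH_TYPES[value]

# Constructed sample: the AVP portion of an answer, not a captured message.
SAMPLE = encode_avp(AUTHORIZATION_LIFETIME, 3600) + encode_avp(RE_AUTH_REQUEST_TYPE, 1)
```

With `strict=False` a missing Re-Auth-Request-Type falls back to the documented default; with `strict=True` the same input is treated as a violation of the MUST in the quoted text.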