I am facing a small challenge due to the fact that the username in AD differs from the username in our RSA environment: I need to strip the first character from the AD username before sending it to the RSA server.
This can be done perfectly using a RADIUS Rewrite Action and Policy, but the policy can only be bound globally.
Since there are multiple vServers configured and this is only required for one of the vServers, I am looking for a way to define the RADIUS Policy in such a way that it only applies to RADIUS requests for that specific vServer.
Can this be done via the RADIUS Rewrite Policy? For example, by checking the URL (that belongs to the vServer)?
It might well be that that information is not present anymore when the RADIUS request is constructed on the NetScaler...
Another solution direction is to use an "unused" field in AD to store the RSA username, and extract that field for the RADIUS request; see method 2 from the link https://neil.spellings.net/2012/12/02/how-to-use-different-usernames-for-two-factor-authentication-on-access-gateway-advanced/
But I would prefer a solution that does not require a change in AD.
Thanks in advance for helping me out with this challenge!