Conditional execution

if

The if clause allows conditional execution of blocks within authentication, authorization, and accounting pipelines. It evaluates a specified condition and executes the enclosed blocks only if the condition is met.

Syntax

If clauses are defined as:

if <all | any | none> {
    <namespace attribute> <comparison operator> <value>;
    <namespace attribute> <comparison operator> [<value> <value> <value>];
    ...
} then {
    # Actions to execute when conditions match
}

Optional else if and else clauses can be added:

if <all | any | none> {
    <namespace attribute> <comparison operator> <value>;
    ...
} then {
    # Actions when first conditions match
} else if <all | any | none> {
    <namespace attribute> <comparison operator> <value>;
    ...
} then {
    # Actions when second conditions match
} else {
    # Actions when no conditions match
}

Supported matching strategies are:

  • all: Every condition rule must match
  • any: At least one condition rule must match
  • none: No condition rule may match

Example

aaa {
    policy "MANAGEMENT" {
        handler "AUTHENTICATION" {
            authentication {
                # Add write privilege for users found from the internal file backend
                if all {
                    user.backend == "USERS_INTERNAL_FILE";
                } then {
                    modify {
                        user.privilege = "write";
                    }
                }

                http-management-authentication;
            }
        }
    }
}
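
The following is an added example, not part of the original documentation, that applies the else if form from the Syntax section to the policy above. The backend names "USERS_LDAP" and "USERS_SQL" and the privilege value "read" are assumptions made for illustration; only "USERS_INTERNAL_FILE" and "write" appear on this page.

```text
aaa {
    policy "MANAGEMENT" {
        handler "AUTHENTICATION" {
            authentication {
                # Only the internal file backend is granted write privilege
                if all {
                    user.backend == "USERS_INTERNAL_FILE";
                } then {
                    modify {
                        user.privilege = "write";
                    }
                # Reached only when the first condition did not match.
                # "any": one matching rule is enough.
                } else if any {
                    user.backend == "USERS_LDAP";   # assumed backend name
                    user.backend == "USERS_SQL";    # assumed backend name
                } then {
                    modify {
                        user.privilege = "read";    # assumed privilege value
                    }
                }
                # No else branch: for any other backend neither block runs,
                # so user.privilege is not modified here.

                http-management-authentication;
            }
        }
    }
}
```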