@post-authentication

Variant of @post-execute for @authentication which is only executed for authentication requests. This is executed regardless of whether the main @authentication pipeline accepted or rejected the request, but is skipped if the @pre-authentication pipeline rejected the request.

Note: The @ prefix is required for pipeline blocks. The legacy syntax without @ (e.g., post-authentication {}) is deprecated and emits warnings. Use @post-authentication {} for new configurations.

Result of this pipeline is ignored; it cannot change the outcome of the request. However, it can modify the reply attributes, log information, or perform other side effects.

See also

• Execution context - Available variables
• Actions - Available actions
• Pipeline directives - Control flow

Example

@post-authentication {
    if all {
        aaa.result == "Accept";
    } then {
        log {
            message "User authenticated";
            context {
                username user.username;
            }
        }
    }
}