I am attempting to setup privacyIDEA in a way that will ease our migration from RSA SecurID AM over to this solution. To do so, I need to be able to forward existing users with RSA tokens/on-demand to the RSA SecurID RADIUS server.
The existing token for RADIUS does not handle challenge responses, but I have updated the token class to allow these to work. However, it only works if the user already has setup their PIN. For users with a new PIN, the RADIUS server responds with two challenges. The first one asks for a new PIN, the second asks you to confirm that PIN.
Is there a way to chain/spawn another challenge from within the check_challenge_response event to handle this?