Hi Shivam,
"OnAuthAccept" is triggered after successful authentication, so if your "realm" is persistent, the entry should be already created in the session store by this time.
For your use case, you do NOT need custom authenticaiton class, you can skip that.
All you have to do is this :
1. Change the realm to persistent.
2. Protecth the realm with any auth shceme (OOTB form or basic will do )
3. Create OnAuthAccept rule , and link a response of type "WebAgent-OnAuthAccept-Session-Variable" which would set the result returned by your Active Response (refer to my KB)
4. Create a variable and configure it to read the session variable (as per the screenshot above)
5. Use the variable in the Policy -->Expression.
The variables are not evaluated until it is used (during AZ) so it should have no problem accessing the session variable.
Let me know if any question.
Regards,
Ujwol Shrestha