Me again
So I've successfully done 2FA with Radius and Connection server authentication in the past. I'm doing another one now with a different Radius solution which unlike previous ones requires the AD authentication first with Radius second. This is because upon successfuly AD authentication an SMS is sent to the authenticating user's phone with the OTP which they can then enter on the next prompt.
This basically means that sp-auth needs to be followed by radius-auth., but this doesn't seem possible:
Can these be swapped around?