How to edit guest account post authentication

Aruba Employee

CPPM can integrate with external SQL sources including MSSQL, Oracle, and PostgreSQL.  When CPPM is authenticating users against these external SQL sources, it is possible to make dynamic updates to the user account records based upon certain authentication conditions.  This document walks through the steps for such integration with the example of using ClearPass Guest 3.9 as an external PostgreSQL authentication source.

For instructions on how to set up CPPM with an external SQL Authentication Source such as ClearPass Guest or other External Authentication SQL server, refer to KB: How to use ClearPass Guest as external SQL Authentication Source

 

Below is an example with external database and how CPPM can update the expiration to be 8 hours post authentication if the expiration is not set:
 
1. In the External SQL server we need to have the respective guest user table, for example, user_table with columns of 
id, user_id, password, expire_time, role
2. While creating a guest user or users in the External SQL server we can create a guest user(s) without any expiration time. 
3. In CPPM define attribute to add filter query for tips_dashboard_summary table or  tips_radius_session_log to query and if we see the user_name; example SELECT user_name, FROM tips_radius_session_log
4. Add another attribute to update expire_time for the user_id match from above step in External SQL server; example, UPDATE user_table SET expire_time = Now() + 'Interval 8 hours' where expire_time is null; SELECT 1 as update_ok;
Note : We have selected 8 hours as an example, but we can set any value as per the requirement.
5. Add update_ok with alias name UpdateOk
6. Add a Authorization attribute as "%{authorization:ExternalSQL:UpdateOk}"
7. Create a condition in RADIUS Enforcement Policy based on any condition.
Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 11:51 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: