No Privilege for Insight

MVP
MVP

Problem:

After ClearPass upgrade to version 6.6.0, when we try to login to ClearPass Insight with AD credentials, we might see the below error:



Diagnostics:

During this error condition, ClearPass Insight logs shows the following :

2017-03-26 07:23:58,568 INFO Response xml: <AppLoginResponse xmlns="http://www.avendasys.com"><Status>SUCCESS</Status><Attributes Name="AuthRequestId" Value="W00000017-09-574262b6"/><Attributes Name="admin_privileges" Value="Super Administrator"/></AppLoginResponse>
2017-03-26 07:23:58,569 INFO User Group Name=Super Administrator
2017-03-26 07:23:58,790 ERROR Fetch Operator Profile failed, nameSmiley Frustrateduper Administrator

Traceback (most recent call last):
File "/usr/local/avenda/tips/insight/lib/web/login.py", line 269, in fetch_operator_privileges
res = urllib2.urlopen(req)
File "/usr/lib64/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib64/python2.6/urllib2.py", line 397, in open
response = meth(req, response)
File "/usr/lib64/python2.6/urllib2.py", line 510, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.6/urllib2.py", line 435, in error
return self._call_chain(*args)
File "/usr/lib64/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib64/python2.6/urllib2.py", line 518, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 404: Not Found
2016-05-23 07:23:58,791 INFO Insight Privileges=None



Solution

To resolve this issue, we need to modify ClearPass Policy Manager Enforcement Profile to directly return the name of  the Operator Profile as "admin_privileges" attribute value.

Suppose, if Super Administrator is the value of admin_privilege attribute, then we need to create a profile under Home » Administration » Operator Logins » Profiles with the name Super Administrator, with appropriate privileges to Insight. 

Access tracker output showing the value of Super Administrator for admin_privileges.

Super Administrator operator profile created in ClearPass Guest >> Home » Administration » Operator Logins » Profiles with Full Access privileged Access for Insight:

Version history
Revision #:
3 of 3
Last update:
‎01-03-2018 03:56 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: