Fortinet Forti Authenticator

Leverage ClearPass authentication events to update the Single Sign-On process on the Fortinet appliance so all ClearPass authenticated users are automatically authenticated on the upstream firewall. Essentially creating the username to IP address binding on the firewall based on the ClearPass authentication event

AH contributor: cam

Specifications

 

Administration -> External Servers -> Endpoint Context Servers

Select Server Type

Generic HTTP

Server Name

<Your integration name>

On-Premise based URL

https://192.168.0.122

Username

<Your username>

Password

<Your password> 

Administration -> Dictionaries -> Context Server Actions

Action Tab

Server Type

Generic HTTP

Server Name

<Select your integration name>

Action Name

<Describe the action>

HTTP Method

POST

URL

/api/v1/ssoauth/

Header Tab

Header Name/Header Value

Content-type=application/json

Content Tab

Content-Type

JSON

Content

{"event":"1","username":"%{Authentication:Username}","user_ip":"Connection:Client-IP-Address"}

Tips & Tricks

This integration assumes that the authentication request in ClearPass is based on a Layer 3 authentication method such as Guest Captive Portal. This is required to ensure the IP address of the end user device is known at the time of authentication. Layer 2 methods such as 802.1x or MAC authentication wont have the required IP address details at the time of authentication.
Version history
Revision #:
6 of 6
Last update:
‎11-19-2014 11:56 PM
Updated by:
 
Labels (2)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.