Security

Reply
Occasional Contributor I
Posts: 7
Registered: ‎07-16-2015

CPPM and Paloalto API Integration - Username Manipulation

Hi,

 

I'm trying to link our CPPM 6.4 to our new Paloalto.

 

The issue is our wireless (eduroam) is authenticating with email addresses stored in AD/LDAP UPN field. For some students this is "acctname@uni.edu.au" and for staff it is "First.Last@uni.edu.au". Either way, this is completly different to what the PA is expecting. It wants acctname or DOMAIN\acctname. However our domain is "uni.ad.internal", or UNI\, so uni.edu.au\First.Last is no good.

 

I need to know if it is possible to manipulate the parameters in the API call to not use the UPN/authenticated full username, but instead use the short form of the user, and force the domain (UNI\) onto the strings. That is UNI\acctname

 

Are any of these usable:

Radius:IETF:User-Name

Authorization:(My LDAPS):ShortName

 

In this parameter?

https://{server_ip}/api/?type=user-id&action=set&key={key}&cmd={cmd}

 

Regards.

 

Moderator
Posts: 493
Registered: ‎11-09-2012

Re: CPPM and Paloalto API Integration - Username Manipulation

The parameters we show in the PANW context server screen cannot and should not be amended. I've been asking Engineering to remove this for a while now as it serves no purpose to you in the field and repeatably just like this posting leads to confusion.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I
Posts: 7
Registered: ‎07-16-2015

Re: CPPM and Paloalto API Integration - Username Manipulation

I'll open a case and ask for assistance or if a custom engineering fix is available. I dont want to go via the syslog approach unless I have to.

 

Thanks

Search Airheads
Showing results for 
Search instead for 
Did you mean: