Super Contributor II
Posts: 355
Registered: ‎02-22-2011

ClearPass - Endpoint Repository - Default filters

Can someone please explain how the default filters work for the Endpoint Repository authentication source?

For example, I want to add a new authentication filter to be able to perform authentication of a device based on a username that's not a MAC address.

If I add a new filter such as below:

Name : UDID Authentication
Filter Query = SELECT UPPER(tag_value) AS User_Password FROM tips_endpoints_attr_view WHERE tag_name = 'UDID' and tag_value = LOWER('%{Authentication:Username}')

 

The authentication requests that come in fail as no user can be located.

If, however, I modify the default filter which is in position 1 to run the same query with the same filter name, it works.

Is authentication to the Endpoint Repository specifically tied to one of the default filters?

Why are there duplicate entries in the Endpoint Repository for the default filters?

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: ClearPass - Endpoint Repository - Default filters

In order to pass auth, you need to use the Authentication filter.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: ClearPass - Endpoint Repository - Default filters

What is unique about that filter? Is it the position of the filter in the list? The name doesn't seem to matter, just the positioning.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: ClearPass - Endpoint Repository - Default filters

It's an internal context for passing authentication. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: ClearPass - Endpoint Repository - Default filters

OK, so what ties it to the internal authentication: the position in the list or the fact that it contains the Authentication label?

For example, if I leave the default settings and just add a new filter called "UDID Authentication" down the bottom of the list and then try and attempt authentication using the new attributes (I'm essentially trying to do MAC authentication but with the UDID as u/p instead), the authentication fails as the username cannot be found (presumably because it's still looking for a MAC address).

If, however, I modify filter 1 and make it the UDID authentication (exactly the same filter), it works.

I'm confused as to the inner workings of this. Ultimately I'd like to be able to run both filters concurrently so that I can perform endpoint checks by MAC address for the services that suit them (e.g. 802.1x) and UDID mapping for the RADIUS enforcement of other applications (web-based apps). It seems there can only be one authentication filter, yet the default config has the Authentication filter listed twice for some reason.
