New Contributor
Posts: 5
Registered: ‎07-16-2013

ClearPass External HTTP Source - Authentication

Hello,

I'd like to use ClearPass to authenticate users using an external HTTP API.

So it seems possible to use an external "http source" as an authentication source.

It isn't so well documented, but it seems that it fits my needs.

When I try to use this custom source in a Service profile (RADIUS), I get:

"HTTP type Authentication Source is not supported for RADIUS services"

But if it isn't possible to use an HTTP source for RADIUS authentication, it seems pretty useless... 99,99% of authentication comes from a controller or VirtualController (Arubanetworks) or other devices that can talk only RADIUS for authentication.

How can I authenticate users provisioned in an external system that exports a REST API?

Regards

Guru Elite
Posts: 8,781
Registered: ‎09-08-2010

Re: ClearPass External HTTP Source - Authentication

It's really an authorization source, not authentication.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 5
Registered: ‎07-16-2013

Re: ClearPass External HTTP Source - Authentication

Thank you Tim,

Do you think there's any "workaround" to manage this scenario?

Authentication using external services is becoming a pretty common scenario. Usually all backends are moving from exposing an SQL database structure to a REST/API interface (middleware).

In fact, it seems that Arubanetworks is developing more and more interfaces for external authentication backends (SAML / Okta / etc.), but at the present time any other customer's "custom" backend is impossible to integrate with.

Regards

Guru Elite
Posts: 8,781
Registered: ‎09-08-2010

Re: ClearPass External HTTP Source - Authentication

Most modern authentication is handled via OAuth2 or SAML, not direct REST calls. Most scenarios we come across leverage REST calls for authorization.

If you have a specific use case, please submit an RFE.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 5
Registered: ‎07-16-2013

Re: ClearPass External HTTP Source - Authentication

Hi,

I agree with you that SAML and OAuth can be a good solution.

They are more secure, standard, well documented...

But IMHO I think that they are acceptable for enterprise authentication (employee) or if you want to interact with external authentication services that are outside your network borders.

I'm talking about an easier use case: a guest captive portal that needs to authenticate users on an internal backend, without using the ClearPass provisioning workflow.

In this case, I think that the overload that comes from SAML (user bouncing between different pages) or OAuth is absolutely unwanted and unnecessary.

I think that there could be problems with Apple CNA or Android CNA.

In any case, I agree with you... The best choice for me is to open an RFE, but in the latest documentation HTTP is already mentioned as an authentication source (not authorization), so I would be better off opening a bug fix request ;-)

I'm kidding. ;-)
