Security

Reply
Contributor II
Posts: 75
Registered: ‎05-06-2014

ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

ClearPass can apparently use variables in x.509 certs, presented by clients within EAP-TLS auth, to change the role which is applied to individual clients.  How do I find out more about how ClearPass is configured to do this?  Also;  how do I find out how these cert variables might be manipulated, when the certs themselves are generated by CP OnBoard?    E.g. I want an OB user, approved by one Sponsor, to obtain different network access rights to a second OB user, approved by a different Sponsor...

Contributor II
Posts: 75
Registered: ‎05-06-2014

Re: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more

Er...   I think I may have found my own answer here, via this post:   https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-add-custom-attributes-to-the-Client-Certificate-during/ta-p/260778  

 

Anyone confirm that I'm on the right track..?

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more

Yes, that would work.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: