Security

Reply
Occasional Contributor II
Posts: 40
Registered: ‎04-22-2016

Clearpass API to Change Status

I'm looking for the correct API syntax to change device status in Clearpass. Users who complete the process of transitioning from a captive role to an authorized role for access are not being reauthorized and as a result I'd like to force that reauthorization with a Change Status: [Aruba Terminate Session] to force a role refresh.

 

The API documention speaks about Change Status but it appears to be separate from the functionality I need. Thank you!

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Clearpass API to Change Status

In API Explorer, take a look at Identity > Endpoint which will give all the
attributes for an endpoint including the status.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 40
Registered: ‎04-22-2016

Re: Clearpass API to Change Status

[ Edited ]

Thank you for the quick response, Tim.

 

I looked at the endpoint status attribute, but that appears to be restricted to Known, Unknown and Disabled. Would changing this attribute value cause the endsystem to reauthenticate against Radius? Would I need to make the API call to the controller instead?

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Clearpass API to Change Status

My apologies, my answer was the opposite of what you asked. Misread.

 

Try using Danny's solution here:

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-COA-disconnect-using-API/td-p/257285

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 40
Registered: ‎04-22-2016

Re: Clearpass API to Change Status

No worries - this looks very promising, I'll give it a shot. Thanks again!!

Search Airheads
Showing results for 
Search instead for 
Did you mean: