Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Clearpass Sponsor Lookup SAML/ADFS

Does anyone know if you can do sponsor lookups via ADFS or SAML?

 

 

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Clearpass Sponsor Lookup SAML/ADFS

SAML is an authentication method. You can do lookups against an LDAP server only.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Clearpass Sponsor Lookup SAML/ADFS

Server guy suggestion; I've never implemented it.

So what's the preferred method of doing sponsor lookups against several domain controllers?
Please visit us at http://www.teletech.com
............................................................
This EMAIL and any attachments may contain confidential, proprietary and/or privileged information. If you are not the intended recipient, please immediately notify the sender by return email, and delete this communication and any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be subject to criminal and civil proceedings. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by TeleTech Holdings.
............................................................
Guru Elite
Posts: 20,814
Registered: ‎03-29-2007

Re: Clearpass Sponsor Lookup SAML/ADFS

Are they different domains?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Clearpass Sponsor Lookup SAML/ADFS

They're all under our domain.com structure but basically we have a pair per geographical region with the primary in one datacenter and the secondary in the geographical region.

So we may have

Domain.com
Country.domain.com
Country2.domain.com

Basically 5 different DC pairs. Writing CPPM rules is a blast because of this.


Guru Elite
Posts: 20,814
Registered: ‎03-29-2007

Re: Clearpass Sponsor Lookup SAML/ADFS

Do you already have sponsorship lookups working via LDAP? You should do that first to get the feel of it before deciding if you possibly want to do that with multiple domains.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Clearpass Sponsor Lookup SAML/ADFS

I do. Can it look across 5 servers?
Guru Elite
Posts: 20,814
Registered: ‎03-29-2007

Re: Clearpass Sponsor Lookup SAML/ADFS

Unfortunately, only a single server is supported at a time.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 11
Registered: ‎06-14-2016

Re: Clearpass Sponsor Lookup SAML/ADFS

So the only solution is probably going to be OpenLDAP acting as a proxy to farm the query across all servers.

Guru Elite
Posts: 20,814
Registered: ‎03-29-2007

Re: Clearpass Sponsor Lookup SAML/ADFS

I guess the big question is, do you want to have guests pull up every "Robert" at the company to request a guest account?



Colin Joseph
Aruba Customer Engineering
