Security

I need to setup guest authorisation based on the ESSID that the guest signed up via, so I need to check the ESSID value that is stored in the ESSID field of the guest user repository. I can't see this option in the drop down box after selecting Authorization[guest user repository] on the role mapping page. Am I looking in the wrong place?

You would do this via the service for guest auth.  It should be RADIUS:Aruba --> Aruba-ESSID-Name --> EQUALS --> Value

Seth,

    This wont work in my situation, I need to check the ESSID that is stored as part of the guest user account - I dont want to grant access via a connection on SSID "A" unless the account was created on SSID "A". The same guest connecting to SSID "B" needs to create a new account with ESSID "B" stored against the account, hence I need to check after the service has been matched.

Sounds tricky, any help on how to do this would be appreciated.

not tricky at all :)

if you create a endpoint or user you can add attribute, you can check on these during the policy evaluation in the enforcement.

what is the part you are unsure of?

Sorry I missed the last reply. Adding an attribute must be done manually, yes? we may have thousands of guest usesrs signing-up so this is not an option. I'm unsure of how to write a custom attribute to the database.

No, you don't set it automagically. I haven't really gone through this in detail, but there should be several ways to get this done.

You can add an attribute in the registration form. Test for the value of this attribute during authentication.

OR  you add the attribute after first authentication. Check how the Enf profile "Guest MAC Caching" adds attributes to the Endpoint. Here you can for example use Source (which is the name of the registration page).