01-14-2016 12:23 PM
I have an eap-tls ssid that should take you to a web page for a login if you have authenticated 8 hours a go.
it is actually for iPads that have been onboarded and someone's shift is over 8 hours later, clearpass is expected to push back a user-role that takes you to a login page and the counter starts again.
i have for testing set it to be 5 minutes, but it "fail to get attribute" minutes sincs auth. insight is actually in my authorization source in the service. The first line should allow you access and the second line showld take you to the user_role to be asked for credentials.
|(Authentication:OuterMethod EQUALS EAP-TLS) |
AND (Authorization:[Insight Repository]:Minutes-Since-Auth LESS_THAN 5)
|Onboard Post-Provisioning, [Allow Access Profile]|
|2. (Authentication:OuterMethod EQUALS EAP-TLS) |
AND (Authorization:[Insight Repository]:Minutes-Since-Auth GREATER_THAN 5)
any idea what's missing or how do I achieve this?