Security

Reply
Regular Contributor II

EAP-TLS and hours since last auth question

Hi forum,

 

I have an eap-tls  ssid that should take you to a web page for a login if you have authenticated  8 hours a go.

it is actually for iPads that have been onboarded and someone's shift is over 8 hours later, clearpass is expected to push back a user-role that takes you to a login page and the counter starts again.

 

i have for testing set it to be 5 minutes, but it "fail to get attribute" minutes sincs auth. insight is actually in my authorization source in the service. The first line should allow you access and the second line showld take you to the user_role to be asked for credentials.

(Authentication:OuterMethod  EQUALS  EAP-TLS
AND  (Authorization:[Insight Repository]:Minutes-Since-Auth  LESS_THAN  5
Onboard Post-Provisioning, [Allow Access Profile]
2. (Authentication:OuterMethod  EQUALS  EAP-TLS
AND  (Authorization:[Insight Repository]:Minutes-Since-Auth  GREATER_THAN  5
web_auth_aruba_user_role 

 

 

any idea what's missing or how do I achieve this?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: