Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Passing authentication info on to other devices

  • 1.  Passing authentication info on to other devices

    MVP
    Posted Aug 08, 2013 01:24 PM

    Hello,

     

    Trying to push Clearpass instead of another brand through a proof of concept. "Clearpass is amazing so no problem" I hear you say? :smileyvery-happy:

    You would be right, but the competition has one major advantage.

    Apparently, when a user authenticates on that B-brand device, the user's authentication status is relayed to a few external devices (i.e. Bluecoat proxy) so that the user does not need to log in additionally on those devices. Furthermore, Bluecoat can apparently use the info to give different permissions to that user.

     

    Now I hear Clearpass might support SSO in a future version but we can't wait for that.

    So far all we've come up with is to drop the different users (groups really) into different VLANs so Bluecoat can use the subnet and make decisions that way, but that scales poorly at best and has a plethora of other problems associated with it.

     

    So please, who has a trick to relay extra info to that Bluecoat? Doesn't have to be clearpass config.. if we can use bluecoat tricks to do the same that's fine as well.

     

     



  • 2.  RE: Passing authentication info on to other devices

    EMPLOYEE
    Posted Aug 08, 2013 07:02 PM

    AFAIK, Clearpass supports SSO today (6.2).  We also support OKTA as well.



  • 3.  RE: Passing authentication info on to other devices

    MVP
    Posted Aug 09, 2013 03:35 AM

    Clearpass supports SSO for its own services, yes, but does it support SSO with other devices? Point me in the right direction please.

    We'd need to capture the guest logon credentials, classify the user and pass that on to a Bluecoat proxy.

     



  • 4.  RE: Passing authentication info on to other devices

    EMPLOYEE
    Posted Aug 09, 2013 04:05 AM
    Correct, ClearPass itself does not act as an SSO server. You can use an SSO token to authenticate a user to CPPM or to the network.

    There is an integration with Palo Alto to pass user information, but currently that is the only firewall.


  • 5.  RE: Passing authentication info on to other devices

    MVP
    Posted Aug 12, 2013 08:47 AM

    So nobody has anything of the sort implemented? :smileysad:

    Guess that OKTA is about the only good solution then.



  • 6.  RE: Passing authentication info on to other devices

    Posted Feb 07, 2015 11:51 AM

    Is there a solution? I am trying to solve this too...



  • 7.  RE: Passing authentication info on to other devices

    EMPLOYEE
    Posted Feb 07, 2015 11:54 AM
    What are you trying to integrate with? Does your device have an XML API? 


  • 8.  RE: Passing authentication info on to other devices

    Posted Feb 07, 2015 12:29 PM

    Bluecoat Threatpulse Cloud Proxy



  • 9.  RE: Passing authentication info on to other devices

    EMPLOYEE
    Posted Feb 07, 2015 12:37 PM
    What does it accept? 

    RADIUS accounting? RESTful API? 


  • 10.  RE: Passing authentication info on to other devices

    Posted Feb 07, 2015 12:46 PM

    When we ship CPPM 6.5 in about 2-3 weeks, we will have the ability to proxy/forward RADIUS accounting we receive from the NAS/NAD to a defined target per service definition.

     

    We will also be able to add vendor-specific VSAs....