You will need to create a Genric SQL. I later releases it will be already included in CPPM.
For you non SQL savy guys I attached the source prebuilt.
Go to Configuration » Authentication » Sources and click import. The password for when you import the auth source is aruba123
You will need to change the appadmin password to match your cppm.
Generic SQL Authentication Source:
SELECT tag_value AS User_Password
FROM tips_endpoint_tag_mappings
JOIN tips_tag_values ON (tips_endpoint_tag_mappings.tag_value_id = tips_tag_values.id)
WHERE tips_endpoint_tag_mappings.instance_id =
(SELECT id
FROM tips_endpoints
WHERE mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}'))
AND tips_tag_values.tag_id =
(SELECT id
FROM tips_tag_definitions
WHERE name = 'social_password'
AND entity_id =
(SELECT id
FROM tips_dic_internal
WHERE dic_prefix = 'Endpoint'));
Enforcement Policies: (Endpoint:social_vip EQUALS 1) OAuth VIP users (Endpoint:social_vip NOT_EQUALS 1) OAuth normal users
When adding a new filter to the above Authentication source with the query below and assign attribute name 'SP to Alias Name "SocialSP", you can user this in a role mapping policy.
SELECT tag_value AS SP
FROM tips_endpoint_tag_mappings
JOIN tips_tag_values ON (tips_endpoint_tag_mappings.tag_value_id = tips_tag_values.id)
WHERE tips_endpoint_tag_mappings.instance_id =
(SELECT id
FROM tips_endpoints
WHERE mac_address = LOWER('%{Connection:Client-Mac-Address-NoDelim}'))
AND tips_tag_values.tag_id =
(SELECT id
FROM tips_tag_definitions
WHERE name = 'social_method'
AND entity_id =
(SELECT id
FROM tips_dic_internal
WHERE dic_prefix = 'Endpoint'));