Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Splitting/filtering Clearpass %{Authorization attributes?

  • 1.  Splitting/filtering Clearpass %{Authorization attributes?

    Posted Jul 10, 2018 09:44 AM

    I'm trying to return a user's AD groups to a Fortigate firewall using the Fortigate-Group-Name attribute. If I select %{Authorization:Contoso_AD:Groups} as the value and the user has three groups, the returned value is, for example:

     

    "Fortigate-Group-Name: Exchange_Users, SSLVPN_Marketing, SomeOtherGroup"

     

    Is it possible to either filter these so that CPPM would return only groups starting with SSLVPN, or is it possible to have CPPM return three attributes, one group per returned attribute? Either would work with Fortigate.

     

    Thanks!



  • 2.  RE: Splitting/filtering Clearpass %{Authorization attributes?

    EMPLOYEE
    Posted Jul 10, 2018 09:51 AM
    No, you cannot.


  • 3.  RE: Splitting/filtering Clearpass %{Authorization attributes?

    Posted Jul 10, 2018 10:08 AM

    Hmm, I guess I need to figure out some workaround then. Either script this so that whenever our helpdesk adds a new SSLVPN* group it gets created on CPPM with roles to match.

     

    Or maybe I could create another authentication source and have a filter there that would only take SSLVPN* groups from AD.