Security

Reply
jua
New Contributor

Splitting/filtering Clearpass %{Authorization attributes?

I'm trying to return user's AD groups to Fortigate firewall using Fortigate-Group-Name attribute. If I select %{Authorization:Contoso_AD:Groups} as the value, and user has three groups the return values is for example

 

"Fortigate-Group-Name: Exchange_Users, SSLVPN_Marketing, SomeOtherGroup"

 

Is it possible to either filter these so that CPPM would return only groups starting with SSLVPN or is it possible to have CPPM to return three attributes, one group per returned attribute? Either would work with Fortigate

 

Thanks!

Guru Elite

Re: Splitting/filtering Clearpass %{Authorization attributes?

No, you cannot.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
jua
New Contributor

Re: Splitting/filtering Clearpass %{Authorization attributes?

Hmm I guess I need to figure some workaround then. Either script this so that when ever our helpdesk adds new SSLVPN* group it gets created on CPPM with roles to match.

 

Or maybe I could create another authentication source and have a filter there that would only take SSLVPN* groups from AD

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: