Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Using an external HTTP server to authenticate users in Clearpass

  • 1.  Using an external HTTP server to authenticate users in Clearpass

    Posted Feb 16, 2016 05:46 AM

    Hi all

     

    I have a customer who has given me a URL that I should be able to use to authenticate guest users but I'm unsure of how it all fits together. Is there any documentation around for using an external XML source as an auth source?

     

    I've set it up as an endpoint context server and created a GET method but can't see what I'm supposed to do with the attributes or where this fits into my guest service.

     

    Any help would be very much appreciated.



  • 2.  RE: Using an external HTTP server to authenticate users in Clearpass

    EMPLOYEE
    Posted Feb 16, 2016 06:58 AM

    You should ask your customer:

     

    "What should it be used for?" and

    "What method is being used to authenticate?" to understand what they are trying to do.

     

    They also need to give you the URL and if possible the HTML to understand what is being done.  They have to make you understand what is necessary to make it work, and why they want to do it that way.



  • 3.  RE: Using an external HTTP server to authenticate users in Clearpass

    Posted Feb 16, 2016 07:10 AM

    They want a user to type in their library card number and pin as the username and password. I think I may have set up the context server action but now I'm trying to edit the login page and I can't see how you alter the form. I know how to do it for a self reg but can't see the option for a basic login screen.



  • 4.  RE: Using an external HTTP server to authenticate users in Clearpass

    EMPLOYEE
    Posted Feb 16, 2016 07:23 AM

    The answer is, it depends.  See if one of the ClearPass Exchange recipes here:  http://community.arubanetworks.com/t5/ClearPass-Exchange-Recipes/tkbc-p/clearpass-recipes describes the technology your customer is using.

     



  • 5.  RE: Using an external HTTP server to authenticate users in Clearpass

    Posted Feb 16, 2016 08:12 AM

    The generic HTTP section just takes you to the user guide :-(

     

    All the others are for JSON and SAML. 



  • 6.  RE: Using an external HTTP server to authenticate users in Clearpass

    EMPLOYEE
    Posted Feb 16, 2016 11:09 AM

    What is your customer using?  I'm just sending you links because I don't have a clue...



  • 7.  RE: Using an external HTTP server to authenticate users in Clearpass

    Posted Feb 16, 2016 12:20 PM

    You can't use an External Context Server for authentication. They are used to execute an outbound action on an external server.

     

    For your case, you will want to use an HTTP Authentication Source (Configuration > Authentication > Sources > Add > [HTTP]). See page 188 of the 6.5 ClearPass Policy Manager User Guide. Note that there are significant restrictions on this type of authentication source. The HTTP server you're using must support Basic authentication (username/password). The HTTP server must respond with a 200 OK upon successful authentication. The payload returned must be single-level JSON content which will be parsed by ClearPass (should you need to pass some authorization info back to ClearPass).
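
The restrictions listed in the post above (Basic authentication, 200 OK on success, single-level JSON payload) can be checked against a backend's reply before it is configured as an HTTP authentication source. This is an added example, not part of the thread and not ClearPass code: `check_backend`, the sample URL and the sample replies are constructed, and reading "single-level" as a JSON object with no nested objects or arrays is an assumption. The TLS check goes beyond the post's list and is there because Basic credentials are only base64-encoded.

```python
import base64
import json
from urllib.parse import urlsplit


def basic_auth_header(username, password):
    """Authorization header value for HTTP Basic: base64("user:pass"), encoded but not encrypted."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_backend(url, status, body):
    """Return a list of problems; an empty list means the reply fits the stated restrictions."""
    problems = []
    if urlsplit(url).scheme != "https":
        problems.append("Basic credentials would cross the network without TLS")
    if status != 200:
        problems.append(f"status {status} is not 200 OK, so this is not a successful authentication")
        return problems
    try:
        payload = json.loads(body)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        problems.append("payload is not valid JSON")
        return problems
    if not isinstance(payload, dict):
        problems.append("payload is not a JSON object")
        return problems
    for key, value in payload.items():
        if isinstance(value, (dict, list)):
            problems.append(f"attribute {key!r} is nested, not single-level")
    return problems


# Constructed sample replies (hypothetical host and attributes, not captured traffic).
SAMPLES = [
    ("https://auth.example.test/login", 200, '{"role": "patron", "branch": "central"}'),
    ("http://auth.example.test/login", 200, '{"role": {"name": "patron"}}'),
    ("https://auth.example.test/login", 401, ""),
    ("https://auth.example.test/login", 200, "<result>ok</result>"),
]

if __name__ == "__main__":
    print(basic_auth_header("user", "pass"))
    for url, status, body in SAMPLES:
        print(url, status, check_backend(url, status, body) or "OK")
```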



  • 8.  RE: Using an external HTTP server to authenticate users in Clearpass

    Posted Feb 16, 2016 12:44 PM

    Yes, this seems to be the case. If I can use this external server as an authorization source, I can do what I need. Trying to work out how I can send an API call using variables from the initial guest authentication at the moment. The URL requires the following:

     

    http://<ip>/librarydatabase/<library_number>

     

    I've got the library number from when they registered on the portal but can't work out how to use that as a variable. I tried using %{GuestUser:barcode} but that gets sent to the server like that, rather than CPPM replacing it with a variable.