03-27-2015 04:05 AM
I notice that ClearPass Guest has the ability to access external SOAP based services. Our primary IPAM system can either be accessed via a SOAP interface or by directly accessing the back end MSSQL database. Up till now I've created some simple Authentication sources accessing the MSSQL database directly. However, there's some authorization information I need to access that looks as if it is only accessible via their SOAP api. If ClearPass supported stored procedures it might be doable in SQL but I'm guessing that it would be a nightmare to do it with the available SQL interface.
Is it possible to create a ClearPass policy manager authentication source that uses SOAP to access an external service?
03-27-2015 04:09 AM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
03-27-2015 04:17 AM
We keep track of all devices on our network through it, all vlans and ip address assignments for each interface on a device.
While I can use SQL to pull back the hostname, and IP address of a device, what I also need to do is get hold of the vlan name/numeric value associated with the assigned IP address. I can then send this value back in the Access-Accept packet as a Tunnelled Private Group id attribute.
From the M&M tech support .....
"To get the vlan the IP is associated to, you need to query the mm_ipamranges table, but first you need to convert the IP to its hex/IPv6 representation, then compare that with the from and to columns in the mm_ipamranges table. This will give you multiple ranges so you need to either sort by to-from difference and use only the first value, or manually find the narrowest range.
Using the SOAP is a much better option, because this is kept in memory in Central, and you only need a single command to get the appropriate Range. I therefore recommend you implement SOAP into your application, because it would both be simpler and perform better. Otherwise, there is no option other than to go through the exercise above directly in SQL.
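The narrowest-range lookup described in the quoted support reply, as an added example that is not part of the thread and not vendor code. The 32-digit hex encoding of the IPv4-mapped IPv6 address, the sample rows and the function names are assumptions; only the `mm_ipamranges` table and its from/to columns come from the post.

```python
import ipaddress

def to_hex(ip: str) -> str:
    """Assumed storage format: 32 hex digits of the IPv6 form of the address
    (IPv4 addresses are mapped to ::ffff:a.b.c.d first)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        addr = ipaddress.IPv6Address(f"::ffff:{ip}")
    return f"{int(addr):032x}"

# Constructed rows standing in for mm_ipamranges: (from, to, vlan).
RANGES = [
    (to_hex("10.0.0.0"), to_hex("10.255.255.255"), "1"),
    (to_hex("10.1.0.0"), to_hex("10.1.255.255"), "100"),
    (to_hex("10.1.20.0"), to_hex("10.1.20.255"), "120"),
]

def vlan_for_ip(ip: str, ranges=RANGES):
    """Return the VLAN of the narrowest range containing ip, or None.

    None means "no usable answer": the caller should not place a VLAN in the
    Access-Accept rather than fall back to a guess.
    """
    key = int(to_hex(ip), 16)
    matches = []
    for lo, hi, vlan in ranges:
        lo_i, hi_i = int(lo, 16), int(hi, 16)
        if lo_i <= key <= hi_i:
            # Sort key is the "to - from" difference from the support reply.
            matches.append((hi_i - lo_i, vlan))
    if not matches:
        return None
    matches.sort(key=lambda m: m[0])
    # Two equally narrow ranges with different VLANs is ambiguous: refuse.
    if len(matches) > 1 and matches[0][0] == matches[1][0] \
            and matches[0][1] != matches[1][1]:
        return None
    return matches[0][1]

if __name__ == "__main__":
    for ip in ("10.1.20.57", "10.1.99.1", "10.200.0.1", "192.168.1.1"):
        print(ip, "->", vlan_for_ip(ip))
```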