Combine Meridian & ClearPass to improve user experience

Combine Meridian & ClearPass to improve user experience - 2/3

By fgiraud posted Nov 22, 2016 07:13 PM

Kudos

If you are a good student, you will have already learnt how to authenticate Meridian users via ClearPass in the first episode of this trilogy).

Now, what I want to share with you is how to add value to the “integration”. This means adding some custom parameters for the Meridian user who authenticates, parameters we’ll use later to deliver specific content (in the last chapter of this series).

We stopped earlier at the point where, when the user authenticates in Meridian, we can get a token associated with the user. With this token, we’ll be able to ask for additional parameters and then use these as we want.

Just a quick reminder of the current flow:

Let’s now configure ClearPass for additional parameters:

ClearPass configuration

In my example, I want to associate a web page displaying a specific agenda for the guest who connects into the Merdian App. To do this, the plan is to use an “Agenda ID” which will be generated during the guest creation (self-registration or pre-registration, we don’t already know …).

Fist I need to add this parameter in the ClearPass guest fields (I named it “visitor_agenda”):

Then we need to add this field to the guest registration form:

And finally we add this parameter in the enforcement profile we created earlier (in the first blog) and which is associated with the Meridian authentication.

In the snapshot above we can see some attributes. Let’s explain these:

agenda: this is the agenda ID (associated with the guest field visitor_agenda) we’ll use later to generate custom agenda web page
info, name, badge and image: these are specific Meridian attributes which are used in the Account details of the Meridian App (you’ll see at the end of this blog a snapshot showing this)
email and Sales Account: are fields I planned to use for statistics / reporting

As you certainly understood, in this enforcement profile we can use both static attributes (such as “B10 Guest” associated to info attributes) or dynamic ones (in this example we use guest attributes for all the other fields: “%{GuestUse:Email}” for example means “the Email associated with the guest”).

I can give another example which uses parameters coming from an AD Authentication source:

Finally, the real detailed flow is the following:

Test it!

As we did for the basic authentication, let’s now verify everything is working.

We created a guest vader@starwars.com and associated some parameters (such as agenda id for example) in the guest management
First, we can test using HTTPIE command line tool (or CURL, or the fantastic Chrome App: Postman).
We use two lines to simulates this:
- One command to ask for a token:
  
  http –verify=no POST https://meridian@<ClearPassIP or hostname>/api/oauth grant_type=password username=<guest username> password=<guest password>
- Another one to get custom attributes (using the token):
  
  http –verify=no POST https://<ClearPassIP or hostname>/api/oauth/me Authorization:"Bearer <access_token>"

We can see all our attributes.

And we can see also the info in ClearPass:

And finally a real test:

Finally, we have all the custom information we need in order to deliver custom content. We can already see custom data in the account details, but that’s not enough. I said, “I want to display custom agenda for each user who authenticates in my Meridian App”.

So we now need to be able to use the famous “Agenda ID” in order to generate dynamic / custom web page. This will be part of the final chapter of this trilogy so stay tuned.

#LocationServices
#ALE
#Meridian

4 comments

2 views

Comments

fgiraud

Mar 29, 2017 09:27 AM

Hi Eduardo,

I got some time to play with Custom Endpoint notification in Meridian. So the principal is really to use a 3rd party server (for example with apache web server + DB, my use case :)).

To be more detailed, when a device come near a proximity beacon with Custom Endpoint Campaign, a message is posted to the 3rd party server via a url. In this message, you can get device id (id of the device in Meridian), Beacon id (in Broadcaster ID), campaign ID, is_enter (true ou false) and finally the access token you will use to get user details via CPPM OAuth:

Message sent from Meridian And so using this, I built a python script (which is called via the Meridian 3rd party URL configuration field, and then run using cgi in my Apache server) in order to get user info + updates some data in database (for example increment some points) and finally the result of the script (simply printed in stdout) gives the following notification.
Custom Campaign

The format of the output is very simple (json):

{ "result":"success",

"notification": {

"title": "Title",

"message": "Hello world!",

"path": "pages/5770237022568448"

}

And I think you can remove the "result":"success" part.

Fabien

fgiraud

Nov 25, 2016 04:56 PM

And if you stay tuned, I plan to write soon the last episod of this blog trilogy soon. In this last part I won't describe custom push notifications, but displaying custom web page based on CPPM authentication (using the CPPM token).

This will be a good starting point for what you plan to build :)

fgiraud

Nov 25, 2016 04:50 PM

Hi Eduardo,

I don't think using ClearPass directly as a "3rd party notification server + database" is the good way to do it.

But you can definitively use another DB server and get custom notification (based on CPPM authentication) when getting close to a beacon.

I think I have one slide around this. If you want I can send you.

Fabien

eduardo.paredes.burga

Nov 25, 2016 11:10 AM

Hello, can I use ClearPass as an External Web Server for custom notifications and integrate it with a database?

For example:

Regards,

Blogs