Leverage ClearPass authentication events to update the Single Sign-On process on the Fortinet appliance so that all ClearPass-authenticated users are automatically authenticated on the upstream firewall. In effect, each ClearPass authentication event creates the username-to-IP-address binding on the firewall.
AH contributor: cam
Specifications
Administration -> External Servers -> Endpoint Context Servers

| Setting | Value |
| --- | --- |
| Select Server Type | Generic HTTP |
| Server Name | <Your integration name> |
| On-Premise based URL | https://192.168.0.122 |
| Username | <Your username> |
| Password | <Your password> |

Administration -> Dictionaries -> Context Server Actions

Action Tab

| Setting | Value |
| --- | --- |
| Server Type | Generic HTTP |
| Server Name | <Select your integration name> |
| Action Name | <Describe the action> |
| HTTP Method | POST |
| URL | /api/v1/ssoauth/ |

Header Tab

| Setting | Value |
| --- | --- |
| Header Name/Header Value | Content-type=application/json |

Content Tab

| Setting | Value |
| --- | --- |
| Content-Type | JSON |
| Content | {"event":"1","username":"%{Authentication:Username}","user_ip":"%{Connection:Client-IP-Address}"} |

Tips & Tricks

This integration assumes that the authentication request in ClearPass is based on a Layer 3 authentication method such as Guest Captive Portal. This is required to ensure the IP address of the end-user device is known at the time of authentication. Layer 2 methods such as 802.1X or MAC authentication won't have the required IP address details at the time of authentication.
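
An offline check of what the Content template produces for a given session, added here as an example and not part of the original integration guide. The session attribute values are constructed, and rendering a missing attribute as an empty string is an assumption of this sketch rather than documented ClearPass behaviour.

```python
import ipaddress
import json
import re

# Content template in the form used by the Context Server Action, with both
# fields written as %{Namespace:Attribute} substitutions.
TEMPLATE = ('{"event":"1","username":"%{Authentication:Username}",'
            '"user_ip":"%{Connection:Client-IP-Address}"}')

VAR = re.compile(r"%\{([^}]+)\}")


def render(template, attrs):
    """Substitute %{Name} variables. Assumption: a missing one renders as ''."""
    missing = []

    def sub(match):
        value = attrs.get(match.group(1), "")
        if not value:
            missing.append(match.group(1))
        # json.dumps escapes quotes and backslashes; drop its outer quotes.
        return json.dumps(value)[1:-1]

    return VAR.sub(sub, template), missing


def check_binding(template, attrs):
    """Return (payload, problems) for one authentication event."""
    body, missing = render(template, attrs)
    payload = json.loads(body)
    problems = [f"unresolved attribute: {name}" for name in missing]
    try:
        ipaddress.ip_address(payload["user_ip"])
    except ValueError:
        problems.append(f"user_ip is not an IP address: {payload['user_ip']!r}")
    if not payload["username"]:
        problems.append("username is empty")
    return payload, problems


# Constructed session attributes (not captured from a real ClearPass server).
CAPTIVE_PORTAL = {"Authentication:Username": "guest01",
                  "Connection:Client-IP-Address": "10.20.30.40"}
DOT1X = {"Authentication:Username": "alice"}  # Layer 2: no client IP yet

if __name__ == "__main__":
    for name, session in (("captive portal", CAPTIVE_PORTAL), ("802.1X", DOT1X)):
        print(name, *check_binding(TEMPLATE, session))
```

A payload that reports any problem would not give the firewall a usable username-to-IP binding, which is the Layer 2 case described above.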