No Privilege for Insight

By esupport posted Jan 03, 2018 06:34 AM



After ClearPass upgrade to version 6.6.0, when we try to login to ClearPass Insight with AD credentials, we might see the below error:


During this error condition, ClearPass Insight logs shows the following :

2017-03-26 07:23:58,568 INFO Response xml: <AppLoginResponse xmlns=""><Status>SUCCESS</Status><Attributes Name="AuthRequestId" Value="W00000017-09-574262b6"/><Attributes Name="admin_privileges" Value="Super Administrator"/></AppLoginResponse>
2017-03-26 07:23:58,569 INFO User Group Name=Super Administrator
2017-03-26 07:23:58,790 ERROR Fetch Operator Profile failed, name:Super Administrator

Traceback (most recent call last):
File "/usr/local/avenda/tips/insight/lib/web/", line 269, in fetch_operator_privileges
res = urllib2.urlopen(req)
File "/usr/lib64/python2.6/", line 126, in urlopen
return, data, timeout)
File "/usr/lib64/python2.6/", line 397, in open
response = meth(req, response)
File "/usr/lib64/python2.6/", line 510, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.6/", line 435, in error
return self._call_chain(*args)
File "/usr/lib64/python2.6/", line 369, in _call_chain
result = func(*args)
File "/usr/lib64/python2.6/", line 518, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 404: Not Found
2016-05-23 07:23:58,791 INFO Insight Privileges=None


To resolve this issue, we need to modify ClearPass Policy Manager Enforcement Profile to directly return the name of  the Operator Profile as "admin_privileges" attribute value.

Suppose, if Super Administrator is the value of admin_privilege attribute, then we need to create a profile under Home » Administration » Operator Logins » Profiles with the name Super Administrator, with appropriate privileges to Insight. 

Access tracker output showing the value of Super Administrator for admin_privileges.

Super Administrator operator profile created in ClearPass Guest >> Home » Administration » Operator Logins » Profiles with Full Access privileged Access for Insight: