Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba Insight Management Login

  • 1.  Aruba Insight Management Login

    Posted May 19, 2017 02:33 AM

    I'm struggling with the ClearPass Insight Login. I've built a Service which grants Management Access to CPPM via Active Directory Backend with User-Role Super-Admin. Everything works fine and if a User is logged into CPPM he's able to open Insight too.

     

    If the User isn't logged into CPPM and tries to log into CP Insight he gets rejected on the Login Web Interface. It says Wrong User/Password, which is definitely wrong. If I look at the Access Tracker my Request is successfully authenticated.

     

    My question is: how should the Enforcement Profile look? I've set up an Application Enforcement -> User Role - Operator Login Admin User.

     

    I guess I should set a specific Attribute for Authentication. I searched already but didn't find anything.

     

    With Local Users, everything works fine, but how to set the Access Attributes for an Active Directory user, and which one?

     

    Thx in advance

     

    P.S. 

    Main Reason is to open the Links in the Email from Insight.



  • 2.  RE: Aruba Insight Management Login

    Posted May 20, 2017 03:49 AM

    I would copy the "[Insight Operator Logins]" service, add your AD to the authentication tab then alter the enforcement to allow access from your AD authentication source.

     



  • 3.  RE: Aruba Insight Management Login

    Posted May 21, 2017 11:29 PM

    Hi,

     

    You need to add Active Directory as an Authorization source. If you have already added it then please share your service snap including authentication, authorization, enforcement policy and access tracker logs.

     

    Regards,

    Milind Yashwantrao



  • 4.  RE: Aruba Insight Management Login

    Posted Jun 28, 2017 09:33 PM

    Seems like there is slightly more required than just adding AD as an Authentication or Authorization source...

     

    Has anyone got this working?



  • 5.  RE: Aruba Insight Management Login

    EMPLOYEE
    Posted Jun 29, 2017 05:16 AM

    Hi,

     

    What service type are you using to authenticate the Insight user against AD?

     

    We need to use the Insight Operator login service. In Home » Administration » Operator Logins » Profiles we have a list of profiles which we could use; if you don't want to use them, create a new profile and map this profile in the translation rule page.
     
    If we don't map the profile here, Insight does not know what access rule Policy Manager is sending.
     
    Use the default Insight Operator login service and set enforcement based on your requirement.
     
    Regards,
    Pavan
     
    If my post addresses your query give kudos:)
     


  • 6.  RE: Aruba Insight Management Login

    Posted Jun 29, 2017 04:15 PM

    Thanks Pavan,

     

    I tried this and it looked like it should have been working OK.

     

    Could you share screenshots of a working example?



  • 7.  RE: Aruba Insight Management Login

    Posted Aug 13, 2021 03:14 PM
    J Easley,

    I have the exact problem you're talking about. I have tried both the [Operator Login - Admin Users] and [Operator Login - Local Users] Enforcement Profiles. Had you ever come to a conclusion? Both show Access Accept in the Tracker but show username / password wrong in the Insight Portal.

    I would like to give other staff read only access into this but can't get past this.

    Thanks,
    Chris


    ------------------------------
    Christopher Calhoun
    ------------------------------



  • 8.  RE: Aruba Insight Management Login

    EMPLOYEE
    Posted Aug 24, 2021 05:49 AM
    You replied to an old discussion, information in here may be obsolete. Also, your question seems too generic to provide a useful answer.

    Please open a new discussion, add configuration, screenshots, or reach out to your Aruba partner or Aruba support.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 9.  RE: Aruba Insight Management Login

    Posted Sep 29, 2021 11:58 AM
    Hello! I'm having the same issue.
    I know this thread is old, but it remains without a solution, so I will try to use this same topic.

    Let's go... I created a service based on the default, just changed the Auth source and roles, and kept the default Enforcement.
    I can see in the access tracker that my user has been accepted (using a local user or AD user).

    But in the Insight login, I see the error "No Privilege for Insight". 

    I think I'm missing something in the enforcement; as far as I know, there is no translation rule for Insight.
    Can someone help me to understand what I need to correct?
    (Note: CPPM and Guest logins are working fine with their respective services, which follow the same logic)

    Accept log for AD user in Insight:


    Accept log for Local user in Insight:



    Insight login error: 


    Services for Insight Login:










    Should I include some rule for Insight Login in my enforcement profile?

    ------------------------------
    Bruno Andrade - ACMP, ACSP, ACCP, CWNA, CCNA R&S, RCNA, ICX, SPSX
    ------------------------------



  • 10.  RE: Aruba Insight Management Login

    EMPLOYEE
    Posted Sep 30, 2021 02:34 AM
    Hi Bruno,

    The enforcement profile [Operator Login - Local users] would not be able to find the variable (Authorization:[Local User Repository]:Role_Name) value since the user is authenticating using AD. Try following the below steps.

    Steps:
    Create an admin privilege


    Create an enforcement profile to apply the admin privilege.



    Update the Insight operator login service > Enforcement policy rule to apply the profile when a user successfully authenticates using AD.

    Create an operator profile (with the same admin_privilege name) from Guest UI > Administration > Operator Logins > Profiles page and allow the appropriate access.



    ------------------------------
    Nimal Varampetran
    ------------------------------



  • 11.  RE: Aruba Insight Management Login

    Posted Sep 30, 2021 09:06 AM
    Really thanks Nimal! I did this and now it's working! :-)

    ------------------------------
    Bruno Andrade - ACMP, ACSP, ACCP, CWNA, CCNA R&S, RCNA, ICX, SPSX
    ------------------------------