Security

 View Only
last person joined: 17 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass HTTP Authentication Source

This thread has been viewed 29 times
  • 1.  Clearpass HTTP Authentication Source

    Posted Nov 06, 2021 01:27 PM
    Hi community,

    I would like to ask you something about Aruba Clearpass. We would like to get user information from a web service url like "
    http://faaltest.com/webservice/academy". This database contains user information with XML type. So the question is, how do we get these users information from this URL? Can clearpass send API request or should we do HTTP source for this URL?

    Also i think clearpass need to send HTTP POST to invoke user information from this website after that clearpass must send HTTP GET for read all information about users. 

    If we take these informations from this URL we will use these informations for authorization. 

    Thanks in advance.

    ------------------------------
    Tuna AKYOL // ACMX#1374
    ------------------------------


  • 2.  RE: Clearpass HTTP Authentication Source

    Posted Nov 10, 2021 11:51 AM
    I think you should return JSON instead of XML. Check the documentation here.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass HTTP Authentication Source

    Posted Nov 11, 2021 02:48 AM
    Hi Herman,

    Thanks for your reply but i don't think that this method will meet our requirements because it is limited for HTTP authentication. So i decided to make a Endpoint context server and context server actions. What i am trying to do is create an Endpoint context server ( Generic HTTP ) and create actions for this server ( HTTP GET and POST ). Have you ever experienced like this situations , I want to hear from you if you did :)

    ------------------------------
    Tuna AKYOL #ACMP #ACCA
    ------------------------------



  • 4.  RE: Clearpass HTTP Authentication Source

    Posted Nov 11, 2021 10:26 AM
    I don't think it is limited to authentication, you can get attributes for authorization from there as well. I have not seen this widely used, but it should work. If context servers work for you that is good as well, but I think context servers are more for sending attributes out from ClearPass to another service; where I read the question that your HTTP service has attributes about the user that you want to use in the policy.

    As your exact use-case is not really clear, it may be best to work with Aruba support to work toward what you want to achieve.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Clearpass HTTP Authentication Source

    Posted Nov 17, 2021 11:39 AM
    Thanks Herman,

     as i understood they want to authenticate their guest users from their custom web service that stores user's information with xml. They gave me a URL of their web service so i can use it for HTTP Auth source. In ClearPass, HTTP auth source rely on GET method, not POST method and this web service waits for HTTP POST to invoke user information. I am looking for workaround but nothing works :/.


    Guest user must provide 3 parameters username, password and sicilno after that ClearPass should take these informations and request to web service if user is correct or not. Anyways if i make this work i'll inform you. 

    And i'm writing this post, maybe someone has encountered such a situation before. 

    Thanks,

    ------------------------------
    Tuna AKYOL // ACMX#1374
    ------------------------------