This looks like a quite specific use-case, and I'm not even sure what you intend to achieve here. It may be good to work with Aruba Support to first find out if Universal Authentication Proxy would be the right solution to your requirements.
Unless someone else has gone through the same and can share information here.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 22, 2022 02:18 PM
From: MATHEW FLOWERS
Subject: Aruba ClearPass Universal Authentication Proxy - Attributes from JSON response
Hello,
I have the Aruba ClearPass Universal Authentication Proxy setup and it is doing oauth with Microsoft Azure. I have an HTTP authentication source (Configuration-> Authentication -> Sources -> HTTP) that is requesting data from Microsoft graph.
This looks to work correctly but the JSON that is returned has multiple values for what I want:
value.0.displayName
value.1.displayName
value.2.displayName
etc... (there may be 1 or 10 or more returned in the JSON).
Here is my filter query:
/devices(deviceId=%{Endpoint:Intune Azure AD Device Id})/memberOf?$format=application/json;odata.metadata=none&$select=displayName
This will return the JSON but I have to use multiple attributes like this:
value.0.displayName | DeviceGroups-1 | String
value.1.displayName | DeviceGroups-2 | String
value.2.displayName | DeviceGroups-3 | String
etc...
Is there a way that I can put all of the value.X.displayName values together and return it as a single attribute?
Here is the RADIUS/policy manager request log and what is being returned by the HTTP authentication source:
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] DEBUG Http.SyncHttpClientHandle - GET http://172.17.0.3/oauth2/devices(deviceId='xxxx-xxxx-xxxx-xxxx-xxxx')/memberOf?$format=application/json;odata.metadata=none&$select=displayName, statuscode=200
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] DEBUG Http.HttpAutzSession - Query response={"@odata.context":"https://graph.microsoft.com/beta/$metadata#directoryObjects(displayName)","value":{"displayName":"Group Tag - xxxx"},{"displayName":"Devices - xxxx"},{"displayName":"Device Test xxxx"},{"displayName":"Devices - Windows Corporate"}]}
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] DEBUG Http.HttpAutzSession - Flattened response={@odata.context:https://graph.microsoft.com/beta/$metadata#directoryObjects(displayName),], value.0.displayName:Group Tag - xxxx,], value.1.displayName:Devices - Windows,], value.2.displayName:
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] DEBUG Http.HttpAutzSession - query response:{@odata.context:https://graph.microsoft.com/beta/$metadata#directoryObjects(displayName),], value.0.displayName:Group Tag - xxxx,], value.1.displayName:Devices - Windows,], value.2.displayName:
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] DEBUG Http.HttpAutzSession - Query success urlpath=/devices(deviceId='db84473b-459b-48cb-a324-5c2a512b7de0')/memberOf?$format=application/json;odata.metadata=none&$select=displayName, attrs=>{}
2022-12-22 13:21:06,122 [HttpModule-ThreadPool-4-0x7fb3e986b700 r=R00000002-03-63a4a010 h=82] ERROR Http.HttpAutzSession - Failed to get value for attributes=DeviceGroups]