Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass API without OAuth

This thread has been viewed 12 times
  • 1.  Clearpass API without OAuth

    Posted Sep 08, 2023 11:14 AM

    Hi Airheads,

    I have a customer requirement for SNOW to push a device registration to ClearPass. I think we'll just have it added to the GDR - haven't decided yet.

    However, they have stated that the server doing he API call does not support OAuth (It's not coming from SNOW "cloud" but from a server in the DMZ, a middleman of sorts)

    Every guide I am finding uses OAuth. I'm not familiar with API enough to know what other options we have. Seems like "basic" auth is a path but I can't find any documentation on setting it up.

    I have access to Postman and ClearPass in my lab and essential need to hand the customer a Postman project with it working (without OAuth).

    Any tips/screenshots greatly appreciated!



    ------------------------------
    ACNSP | ACCP | ACMP | ACEP
    ------------------------------


  • 2.  RE: Clearpass API without OAuth

    Posted Sep 12, 2023 06:14 AM

    You can create an API Client with 'Grant type client_credentials' for this:

    The Client Secret will be generated, valid for the Access Token Lifetime, and then is the only thing needed to access the API. You can use the generated secret in the API explorer to test API access. It's recommended to rotate your client secret every now and then, and to apply an Operator Profile with just the required permissions for what your API should be allowed to do.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------