Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - Error 404 with EAP TLS with SAN intunedeviceid://

  • 1.  ClearPass - Error 404 with EAP TLS with SAN intunedeviceid://

    Posted Apr 15, 2024 05:03 AM

    Hello,

    ClearPass version : 6.11.7.257550

    Extension Microsoft Intune : 6.1.7

    We can use the extension with the deviceid in the common name. But when we try to use it in the SAN only, we get an error 404:

    We use Microsoft PKI Cloud to deploy the certificate and we must specify intunedeviceid:// in the SAN field in the Intune configuration (without it, the certificate won't be deployed):

    The certificate looks like:

    Can someone confirm that the extension works only with URL={{deviceid}} and doesn't support intunedeviceid://, please?

    I found the same information in another discussion (problem with intunedeviceid://), but I need to confirm that we don't have a workaround.

    Thanks.



  • 2.  RE: ClearPass - Error 404 with EAP TLS with SAN intunedeviceid://

    Posted Apr 15, 2024 07:30 AM

    ClearPass does not recognize the URL form, intunedeviceid://, and will send the full attribute to Intune, which fails.

    Make sure that you have just the DeviceID somewhere in a certificate field as an isolated attribute. Here is an example where I put the DeviceID in many different certificate fields:

    So you can even put it in the Location, OU, Country or whatever other attribute in the DN, or in an unused SAN (just make sure there are not multiple attributes of the same type, like in my example (and your case) with the URI SAN). It would be nice if ClearPass could be configured to extract it from a field, like the IntuneDeviceId: URL SAN, but that's not possible as far as I know.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
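
An added example, not part of the thread and not ClearPass or Intune extension code: a pre-deployment check over a certificate profile's subject and SAN values that reports whether the device ID appears alone in some attribute and whether that attribute type is repeated, the two conditions the reply above describes. The GUID format of the device ID, the `audit_fields` name and the sample values are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: an Intune device ID is a GUID in 8-4-4-4-12 hex form.
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
BARE = re.compile(rf"^{GUID}$")
URL_FORM = re.compile(rf"^intunedeviceid://({GUID})$", re.IGNORECASE)


def audit_fields(fields):
    """fields: list of (attribute_type, value) pairs from the subject DN and SAN.

    Returns a dict:
      usable    - attribute types whose value is the device ID alone
      url_form  - attribute types carrying only the intunedeviceid:// form
      ambiguous - usable types that occur more than once in the certificate
      ok        - True when at least one usable, non-repeated attribute exists
    """
    counts = Counter(attr_type for attr_type, _ in fields)
    usable, url_form = [], []
    for attr_type, value in fields:
        value = value.strip()
        if BARE.match(value):
            usable.append(attr_type)
        elif URL_FORM.match(value):
            url_form.append(attr_type)
    ambiguous = sorted({t for t in usable if counts[t] > 1})
    ok = any(t not in ambiguous for t in usable)
    return {"usable": usable, "url_form": url_form, "ambiguous": ambiguous, "ok": ok}


# Constructed sample data (not from the thread): a made-up device ID and three profiles.
DEVICE_ID = "11111111-2222-3333-4444-555555555555"
SAN_URL_ONLY = [("CN", "laptop-01"), ("URI", f"intunedeviceid://{DEVICE_ID}")]
TWO_URIS = SAN_URL_ONLY + [("URI", DEVICE_ID)]   # same attribute type twice
ID_IN_OU = SAN_URL_ONLY + [("OU", DEVICE_ID)]    # bare ID in an otherwise unused field

if __name__ == "__main__":
    profiles = [("SAN URL only", SAN_URL_ONLY), ("two URI SANs", TWO_URIS), ("ID in OU", ID_IN_OU)]
    for name, profile in profiles:
        print(f"{name}: {audit_fields(profile)}")
```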



  • 3.  RE: ClearPass - Error 404 with EAP TLS with SAN intunedeviceid://

    Posted Apr 15, 2024 11:40 AM

    Hi Herman,

    Thanks for this detailed response. We will try several things with this new pki cloud ...