Security

 View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CLearpass - Guest Authentication with national auth. system

This thread has been viewed 10 times
  • 1.  CLearpass - Guest Authentication with national auth. system

    Posted Dec 07, 2022 09:51 AM
    Hey,

    I'm a bit new to clearpass, I want to authenticate guest accounts during self registration. NAS is used with API but I can't find a way to do in clearpass.
    I tried to add nas as authentication source (http type)
    but I didn't know how to add a personal ID in the filter section.

    Has anyone done this before, can you guide me?





  • 2.  RE: CLearpass - Guest Authentication with national auth. system

    EMPLOYEE
    Posted Dec 08, 2022 05:47 AM
    Unsure what National Authentication System is, or which country that is for.

    I've seen a few of those systems, and they have different methods for integration, and differ from country to country. Most likely is that you can integrate with Single Sign On (OAuth2.0), but if you have a local Aruba partner or Aruba SE, they may know how to build such an integration.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: CLearpass - Guest Authentication with national auth. system

    EMPLOYEE
    Posted Dec 08, 2022 04:21 PM
    If I'm understanding this correctly you want to use a captive portal in ClearPass that uses another RADIUS server other than ClearPass as the authentication source.

    This would be accomplished on the policy manager side by setting up a service that uses Radius Proxy as the type and then set the normal service parameters for the RADIUS auth for the captive portal (client mac address not equal to IEFT:UserName for example).  Point the proxy to the RADIUS server you want to do the authentication and the use the normal ClearPass Role and Enforcement mapping.

    ------------------------------
    --Travis
    ------------------------------