Integration of ClearPass and Azure Saml

View Only

last person joined: 2 days ago

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Back to discussions

Expand all | Collapse all

Integration of ClearPass and Azure Saml

This thread has been viewed 10 times

1. Integration of ClearPass and Azure Saml

0 Kudos
tanxiaofeng
Posted 3 days ago

Reply Reply Privately
Hi Guys，

I am currently implementing integration of ClearPass and Azure Saml to achieve 802.1x authentication，I referred to the document "Onboard and Cloud Identity Providers "for configuring Azure AD and clearpass. After completing the configuration, when I was testing, the client encountered an error while running quickconnect.

The quickconnect' logs as shown below：

Client Log
==========
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.QuickConnectDlg - Starting configuration.
2024-06-20 20:23:55,585 [main] DEBUG changelog - Starting configuration for secure network connections.
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.Util - Attempting operating system detection.
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.Util - running Windows Enterprise Version
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.Util - Detected operating system higher than Windows XP
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.WlanApi - Initializing wlan api.
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.Config - Initing configuration.
2024-06-20 20:23:55,585 [main] DEBUG Quick1X.Config - QuickConnect Mode isonboard
2024-06-20 20:23:56,239 [main] DEBUG Quick1X.QuickConnectDlg - Calling javascript method : updateWorkingDirectory
2024-06-20 20:23:59,875 [main] DEBUG Quick1X.QuickConnectDlg - Calling javascript method : updateQcMode
2024-06-20 20:23:59,885 [main] DEBUG Quick1X.QuickConnectDlg - Processing configure
2024-06-20 20:23:59,885 [null] DEBUG Quick1X.QuickConnectDlg - Processsing configure task
2024-06-20 20:23:59,885 [null] DEBUG Quick1X.QuickConnectDlg - Fetching the configuration and certificate from the Onboard Server
2024-06-20 20:23:59,885 [null] DEBUG Quick1X.QuickConnectDlg - Initing device info
2024-06-20 20:23:59,885 [null] DEBUG Quick1X.DeviceInfo - Starting interface detection
2024-06-20 20:23:59,885 [null] DEBUG Quick1X.Util - Running config task as logged in user
2024-06-20 20:24:00,060 [null] DEBUG Quick1X.Util - Exit code from execed process 0
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Checking interface :VPN Client Adapter - VPN
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Interface Type :53
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Microsoft Wi-Fi Direct Virtual Adapter
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Microsoft Wi-Fi Direct Virtual Adapter
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Microsoft Wi-Fi Direct Virtual Adapter
2024-06-20 20:24:00,061 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Microsoft Wi-Fi Direct Virtual Adapter #2
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Microsoft Wi-Fi Direct Virtual Adapter #2
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Microsoft Wi-Fi Direct Virtual Adapter #2
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Intel(R) Wi-Fi 6 AX201 160MHz
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface Type :71
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface state :1
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Intel(R) Wi-Fi 6 AX201 160MHz
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Trying to filter (Unicode) :Intel(R) Wi-Fi 6 AX201 160MHz
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Adapter GUID:E46683CF-C2F1-4795-AECB-BD96431C3B9D
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Description: Intel(R) Wi-Fi 6 AX201 160MHz
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Name: WLAN
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - State: CONNECTED
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - DHCP : Enabled
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - DNS Registration: Enabled
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - DNS by DHCP: Enabled
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - MAC Address: 54:6C:EB:9D:6A:A7
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface type : Wireless
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Bluetooth Device (Personal Area Network)
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface Type :6
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface state :2
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Trying to filter :Bluetooth Device (Personal Area Network)
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Discarding interface : Bluetooth Device (Personal Area Network)
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Checking interface :Software Loopback Interface 1
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface Type :24
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.DeviceInfo - Interface state :1
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Downloading device credentials from the Onboard server - https://clearpass.sscxtech.info/onboard/mdps_qc_enroll.php
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Checking whether bypass proxy is false or true
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Bypass proxy is false
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Onboard server Host Name clearpass.sscxtech.info
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Onboard server URL Path /onboard/mdps_qc_enroll.php
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - GetDeviceCredentials: Retrieving value of Validate-Server-Certificate option
2024-06-20 20:24:00,065 [null] INFO Quick1X.QuickConnectDlg - Disabling Onboard server certificate validation
2024-06-20 20:24:00,065 [null] DEBUG Quick1X.QuickConnectDlg - Detected Windows version - Windows 10
2024-06-20 20:24:00,156 [null] ERROR Quick1X.QuickConnectDlg - GetDeviceCredentials: Received error HTTP Status code - 403
2024-06-20 20:24:00,156 [null] DEBUG Quick1X.Util - Running config task as logged in user

Script Log
==========
2024/6/20 20:18:57 Adapter type detect starting
2024/6/20 20:18:57 VPN Client Adapter - VPN Type: 0
2024/6/20 20:18:57 Intel(R) Wi-Fi 6 AX201 160MHz Type: 9
2024/6/20 20:18:57 Bluetooth Device (Personal Area Network) Type: 10
2024/6/20 20:18:57 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
2024/6/20 20:18:57 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9
2024/6/20 20:19:43 Adapter type detect starting
2024/6/20 20:19:43 VPN Client Adapter - VPN Type: 0
2024/6/20 20:19:43 Intel(R) Wi-Fi 6 AX201 160MHz Type: 9
2024/6/20 20:19:43 Bluetooth Device (Personal Area Network) Type: 10
2024/6/20 20:19:43 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
2024/6/20 20:19:43 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9
2024/6/20 20:21:03 Adapter type detect starting
2024/6/20 20:21:03 VPN Client Adapter - VPN Type: 0
2024/6/20 20:21:03 Intel(R) Wi-Fi 6 AX201 160MHz Type: 9
2024/6/20 20:21:03 Bluetooth Device (Personal Area Network) Type: 10
2024/6/20 20:21:03 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
2024/6/20 20:21:03 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9
2024/6/20 20:23:59 Adapter type detect starting
2024/6/20 20:23:59 VPN Client Adapter - VPN Type: 0
2024/6/20 20:23:59 Intel(R) Wi-Fi 6 AX201 160MHz Type: 9
2024/6/20 20:23:59 Bluetooth Device (Personal Area Network) Type: 10
2024/6/20 20:24:00 Microsoft Wi-Fi Direct Virtual Adapter Type: 9
2024/6/20 20:24:00 Microsoft Wi-Fi Direct Virtual Adapter #2 Type: 9

Helper Log
==========

Do any guys know how to solve it? Did I forget some configurations?
2. RE: Integration of ClearPass and Azure Saml

0 Kudos
EMPLOYEE

mattAruba
Posted 3 days ago

Reply Reply Privately
Here it seems like the SAML part went through fine but the device provisioning using quickconnect ran into some issue. Does the windows machine require admin privileges to install the profile?

Any errors in the application logs on the guest side under Guest > Administration > SUpport > Application Log ?

Original Message
3. RE: Integration of ClearPass and Azure Saml

0 Kudos
tanxiaofeng
Posted 3 days ago

Reply Reply Privately
Hi，

How do I determine if Windows installation files require administrator privileges? What aspects do I need to check from?

In the application log, I found two types of errors，as shown below

The logs corresponding to these two time points in the Access Tracker

Original Message
4. RE: Integration of ClearPass and Azure Saml

0 Kudos
EMPLOYEE

mattAruba
Posted 2 days ago

Reply Reply Privately
Ahh, you need a Application Access service for Onboard. This is covered in the Airheads broadcasting video Onboard#2 https://www.youtube.com/watch?v=8XtleXO5t64&list=PLsYGHuNuBZcb0xD05v9zdwv7NlUG_8oJS&index=54

Original Message

Security

Integration of ClearPass and Azure Saml

1. Integration of ClearPass and Azure Saml

2. RE: Integration of ClearPass and Azure Saml

3. RE: Integration of ClearPass and Azure Saml

4. RE: Integration of ClearPass and Azure Saml