Security

In ClearPass 6.9.5 I'm trying to use the regex filter on the username's field to only allow username that do not have an @ in it. The requirement is for a conference enrolment system. The idea is that the University creates a conference name with a PIN (short password) as a guest account tied to a specific role_id and expiry-time. Attendees enroll for the conference (and are then forced to register their details and this account inherits the conference's expiry-time - see problem with Expire-Time-Update:GuestUser I raised yesterday and the role_id). To differentiate guests from conferences the conference username has no @ character. I created the regex expression ^[^@]*$ which verbally translates as from the beginning on the line (^) don't match @ ([^@]) or every character (*) to the end of the string ($). I validated this filter at Regex Tester and if seems to work - ie if there is a @ in the string it fails to match. I then put it into the perl format: /^[^@]*$/ and put it into this form's username field:

But this does not work. Any advice?

​​​​​

------------------------------
Derin Mellor
------------------------------

Derin, works for me like this:




With just clearpass, the form is accepted. Note you see the message only when you click the submit button.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: May 05, 2021 06:12 AM
From: Derin Mellor
Subject: On CPG struggling to get the username field REGEX working

In ClearPass 6.9.5 I'm trying to use the regex filter on the username's field to only allow username that do not have an @ in it. The requirement is for a conference enrolment system. The idea is that the University creates a conference name with a PIN (short password) as a guest account tied to a specific role_id and expiry-time. Attendees enroll for the conference (and are then forced to register their details and this account inherits the conference's expiry-time - see problem with Expire-Time-Update:GuestUser I raised yesterday and the role_id). To differentiate guests from conferences the conference username has no @ character. I created the regex expression ^[^@]*$ which verbally translates as from the beginning on the line (^) don't match @ ([^@]) or every character (*) to the end of the string ($). I validated this filter at Regex Tester and if seems to work - ie if there is a @ in the string it fails to match. I then put it into the perl format: /^[^@]*$/ and put it into this form's username field:

But this does not work. Any advice?

​​​​​

------------------------------
Derin Mellor
------------------------------

Herman, I missed the key point - I'm trying to use the login form - not the registration form. I only want a username that does not have an @ in it (this represents a conference and on successful login they are sent to a registration page...)
How can I edit the username field in the login page?
In the mean time I have crafted a solution that uses different PolicyManager services - hence I only allow the conference enrolment login if the username does not contain the @ character.​​

------------------------------
Derin Mellor
------------------------------

Original Message:
Sent: May 11, 2021 10:17 AM
From: Herman Robers
Subject: On CPG struggling to get the username field REGEX working

Derin, works for me like this:




With just clearpass, the form is accepted. Note you see the message only when you click the submit button.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: May 05, 2021 06:12 AM
From: Derin Mellor
Subject: On CPG struggling to get the username field REGEX working

In ClearPass 6.9.5 I'm trying to use the regex filter on the username's field to only allow username that do not have an @ in it. The requirement is for a conference enrolment system. The idea is that the University creates a conference name with a PIN (short password) as a guest account tied to a specific role_id and expiry-time. Attendees enroll for the conference (and are then forced to register their details and this account inherits the conference's expiry-time - see problem with Expire-Time-Update:GuestUser I raised yesterday and the role_id). To differentiate guests from conferences the conference username has no @ character. I created the regex expression ^[^@]*$ which verbally translates as from the beginning on the line (^) don't match @ ([^@]) or every character (*) to the end of the string ($). I validated this filter at Regex Tester and if seems to work - ie if there is a @ in the string it fails to match. I then put it into the perl format: /^[^@]*$/ and put it into this form's username field:

But this does not work. Any advice?

​​​​​

------------------------------
Derin Mellor
------------------------------

Here's the solution - a chunk of Javascript: Within the Login page's header add:

{nwa_script src=jquery.min}
{literal}
  <script type="text/javascript">
    $(document).ready(function () {
      $('#ID_'+_form_name+'_user').change(function () {
        var tmp1 = $('#ID_'+_form_name+'_user').val();
        var regex = /^[^@]+$/;
        if(!regex.test(tmp1)) {
          var tmp2="Invalid Conference ".concat(tmp1)
          alert(tmp2);
          return regex.test(tmp1);
        }
      });
    });
  </script>
{/literal}



Annoyingly, the CPG's Customize Self-Registration "Login Page" button doesn't take me to the Login Page configuration but the Self-Service Portal configuration.

------------------------------
Derin Mellor
------------------------------

Original Message:
Sent: May 11, 2021 10:45 AM
From: Derin Mellor
Subject: On CPG struggling to get the username field REGEX working

Herman, I missed the key point - I'm trying to use the login form - not the registration form. I only want a username that does not have an @ in it (this represents a conference and on successful login they are sent to a registration page...)
How can I edit the username field in the login page?
In the mean time I have crafted a solution that uses different PolicyManager services - hence I only allow the conference enrolment login if the username does not contain the @ character.​​

------------------------------
Derin Mellor

Original Message:
Sent: May 11, 2021 10:17 AM
From: Herman Robers
Subject: On CPG struggling to get the username field REGEX working

Derin, works for me like this:




With just clearpass, the form is accepted. Note you see the message only when you click the submit button.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: May 05, 2021 06:12 AM
From: Derin Mellor
Subject: On CPG struggling to get the username field REGEX working

In ClearPass 6.9.5 I'm trying to use the regex filter on the username's field to only allow username that do not have an @ in it. The requirement is for a conference enrolment system. The idea is that the University creates a conference name with a PIN (short password) as a guest account tied to a specific role_id and expiry-time. Attendees enroll for the conference (and are then forced to register their details and this account inherits the conference's expiry-time - see problem with Expire-Time-Update:GuestUser I raised yesterday and the role_id). To differentiate guests from conferences the conference username has no @ character. I created the regex expression ^[^@]*$ which verbally translates as from the beginning on the line (^) don't match @ ([^@]) or every character (*) to the end of the string ($). I validated this filter at Regex Tester and if seems to work - ie if there is a @ in the string it fails to match. I then put it into the perl format: /^[^@]*$/ and put it into this form's username field:

But this does not work. Any advice?

​​​​​

------------------------------
Derin Mellor
------------------------------