Security

 View Only
  • 1.  Questions about Clearpass JSON API

    Posted Apr 21, 2016 03:25 AM

    I am interested in using the Clearpass 6.5 JSON API in order to manage guest users from an in-house developed application. Customization of Guest module and skins shows too many options we cannot disable. The main requirements I have problems to satisfy with the JSON API are:

    - Several operator profiles, each one of them managing a different user role

    - Registering visitor name and address, for legal reasons

     

    In Guest module you have the possibility to restrict visibility/management for an operator profile to one or several user roles. However, when you use the Guest Operator API from a registered application, I have not seen any way to know those roles able to be managed from the operator that is logged in, not even the operator profile id, or attributes returned by the oauth2 service on authentication (neither guest/privileges nor guest/me calls gives that). As a consequence, I have not been able to restrict visibility for operators to any user role. Is there any chance to do it?

     

    On the other hand, the JSON scheme used in guest/ does not give freedom to chose any field of the Clearpass guest user table, only specific ones; the only available field taht seems to be somehow customizable in order to store some kind of "free information" would be visitor_name. Am I wrong?

     

    Best regards

    Luis

     

     



  • 2.  RE: Questions about Clearpass JSON API

    Posted Apr 21, 2016 10:12 AM

    Significant enhancements have been made to the REST APIs in ClearPass v6.6. I believe that your requirements can be satisfied with the new OperatorLogins API and the enhanced GuestManager API which includes the ability to store additional information in the guest account. I would suggest upgrading to ClearPass v6.6, or at least requesting an evaluation VM if upgrading is not practical.

     

     



  • 3.  RE: Questions about Clearpass JSON API

    Posted May 04, 2016 03:37 AM

    I deployed a Clearpass 6.6 VM in order to check the new API functionality:

    • OperatorLogins oauth/me returns self operator profile in the 'info' attribute, but it is impossible to know the visitor account roles that these operators are permitted to use. This info is part of the operator profile and may be important for a registering application using the API, because we don't want to show default guest roles or auto-registered users to the receptionist, not even be managed by them. Any idea to solve this requirement using Clearpass data model?, XML API, perhaps?
    • GuestManager API show now custom fields, so adding the address to the create form and then creating a user is enough for the Clearpass 6.6 API to reflect the address data.