Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

TACACS+ Post authentication enforcement

This thread has been viewed 14 times
  • 1.  TACACS+ Post authentication enforcement

    Posted 29 days ago

    HI All,

    I am looking for a way to get a HTTP based enforcement onto a TACACS+ service. I can't see why we would not be able to do this, however it is causing me a few issues at the moment. 

    Essentially I am looking to trigger an API call on every TACACS+ authentication. This is possible with RADIUS and due to it not effecting the security I would expect this to be possible with TACACS.

    Any thoughts would be great.


    Thanks,
    Ben



  • 2.  RE: TACACS+ Post authentication enforcement

    Posted 28 days ago

    Hi Ben

    Not the answer you are hoping for, but you are not alone in this request.

    There is an active feature request in the Innovation Zone for the feature: https://innovate.arubanetworks.com/ideas/SEC-I-1957

    Log in and vote on the feature request.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: TACACS+ Post authentication enforcement

    Posted 18 days ago

    Haven't fully tried, but if you have enough information in the authentication request (not the response/roles), you may try to include an HTTP Authorization source under authorization. The config of adding HTTP authorization source to a TACACS+ service seems to be accepted.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------