Do you see 'Authorization:[Time Source]:Now in Minutes DT' as an authorization attribute in the Access Tracker? If not, try to create a role-mapping rule, or enforcement rule that actually uses that attribute. Like Authorization:[Time Source]:Now in Minutes DT EXISTS => Role: dummy-role.
In some cases, if an attribute is not relevant for the policy decision (not tested, not used), it can be that the processing skips that processing. And attributes used in post-auth are not always retrieved, if not used during the service processing. Simple workaround, in that case, is to actually use/check the attribute.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 25, 2021 02:42 AM
From: Richard Walter
Subject: time source attribute failed
For testing purposes I've created a time source attribute in CPPM 6.9:
select date_trunc('minute', localtimestamp(0)) as now_in_minutes
The data type is Date-Time.
The Alias Name is 'Now in Minutes DT'.
I use this attribute in an Enforcement Profile:
Endpoint FirstSeen = %{Authorization:[Time Source]:Now in Minutes DT}
In the Access Tracker I will get an Alert:
Policy server | Failed to get value for attributes=[Now in Minutes DT] |
When I use the pre-defined Alias 'Now DT' with the filter query 'select date_trunc('hour', localtimestamp(0)) as today' there is no alert.
Has anyone an idea what's going wrong?
------------------------------
Richard Walter
------------------------------