Security

 View Only
  • 1.  time source attribute failed

    Posted Aug 25, 2021 11:49 AM
    for testing purposes I've created a time source attribute in CPPM 6.9 

    select date_trunc('minute', localtimestamp(0)) as now_in_minutes

    the data type is Date-Time

    The Alias Name is 'Now in Minutes DT'

    I use this attribute in an Enforcement Profile
    Endpoint FirstSeen = %{Authorization:[Time Source]:Now in Minutes DT}

    In the Access Tracker I will get an Alert

    Policy server Failed to get value for attributes=[Now in Minutes DT]

    When I use the pre-defined Alias 'Now DT' with the filter query 'select date_trunc('hour', localtimestamp(0)) as today' there is no alert.

    Has anyone an idea what's going wrong?


    ------------------------------
    Richard Walter
    ------------------------------


  • 2.  RE: time source attribute failed

    Posted Aug 26, 2021 04:19 AM
    Do you see 'Authorization:[Time Source]:Now in Minutes DT' as an authorization attribute in the Access Tracker? If not, try to create a role-mapping rule, or enforcement rule that actually uses that attribute. Like Authorization:[Time Source]:Now in Minutes DT EXISTS => Role: dummy-role.

    In some cases, if an attribute is not relevant for the policy decision (not tested, not used), it can be that the processing skips that processing. And attributes used in post-auth are not always retrieved, if not used during the service processing. Simple workaround, in that case, is to actually use/check the attribute.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: time source attribute failed

    Posted Aug 26, 2021 04:39 AM
    Hi,
    Thank you for the fast reply. I've got a strange behaviour now. When I use my Pc's wlan adapter I see  'Authorization:[Time Source]:Minus 10 Minutes DT 2021-08-26 10:21:00' in the Access Tracker's Authorization Attributes. Looks okay.
    When I use my Samsung S10e I'll get the failed Alert within the access tracker.
    Looks like I have to test some more devices.

    Thanks

    Richard

    ------------------------------
    Richard Walter
    ------------------------------



  • 4.  RE: time source attribute failed

    Posted Aug 30, 2021 02:22 PM
    Hi,

    Would you please share the dashboard details zip file for the failed auth to review the config?

    ------------------------------
    Nimal Varampetran
    ------------------------------



  • 5.  RE: time source attribute failed

    Posted Sep 01, 2021 02:05 AM
    Hi Nimal,

    all is working now. I now use an Enforcement Profile to set an attribute with an timestamp to the endpoint.

    Endpoint FirstSeen = %{Authorization:[Time Source]:Now DT}
    Type Post_Authentication
    Time-Source filter : select date_trunc('hour', localtimestamp(0)) as today
    Time-Source Name: today
    Time-Source Alias Name: Now DT

    I've got the problem when I used 'select date_trunc('minute', localtimestamp(0)) as now_in_minutes'
    as a Time-Source filter.

    Don't know how to get a dashboard details zip file.



    ------------------------------
    Richard Walter
    ------------------------------