Security

last person joined: 13 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM - EndPoint Context Server to EfficientIP

This thread has been viewed 7 times

  • 1.  CPPM - EndPoint Context Server to EfficientIP

    Posted Sep 04, 2018 09:06 PM

    We are experimenting with ways to auto-register new devices with our IPAM Solution, EfficientIP SOLIDServer.

     

    In order to communicate with the EIP API, we need to:

       - Do a rest call to https://1.2.3.4/rpc/some_query.php

       - Set the HTTP Header X-IPM-Username to the  base64_encode('adminuser')

       - Set the HTTP Header X-IPM-Password to the  base64_encode('password')

     

    Unfortunately, when I setup the Endpoint Context Server and put in the  base64_encode value for Username, I recieve the error "Username contains special characters other than -, _, { }, [ ], ( ), period and space."  This is because the base64 encode of the user I am using has an = symbol in it.

     

    1) Is there any way to get around this annoying error?

    2) Can I put the un-encoded username/password in the Endpoint Context Server and have CPPM convert the value in the Endpoint Context Server Action?  Right now, the best I can think of is to set X-IPM-Username = %{Server.Username}.  

     

    Any thoughts on how to do this natively in CPPM?



  • 2.  RE: CPPM - EndPoint Context Server to EfficientIP

    EMPLOYEE
    Posted Sep 04, 2018 09:14 PM
    Take a look at the Universal Authentication Proxy Extension.


  • 3.  RE: CPPM - EndPoint Context Server to EfficientIP

    Posted Sep 04, 2018 09:26 PM

    That seems ... needlessly messy.  The EIP API call fits into the CPPM Endpoint Context Server mold with the exception of CPPM doesn't like an equal sign in the username.

     

    The TechNote I found on the Universal Authentication Proxy (https://community.arubanetworks.com/t5/Security/NEW-TechNote-V1-ClearPass-and-Universal-Authentication-Proxy/td-p/297164) doesn't seem to address my issue of using base64_endode on the plain text username/password or fix the CPPM UI so that I can enter the appropraite data.

     

    Am I missing something?  Has UAP evolved since 2017 and I just haven't found the correct TechNote yet?



  • 4.  RE: CPPM - EndPoint Context Server to EfficientIP

    Posted Sep 07, 2018 04:52 PM

    I think I found a way around this.  The Endpoint Context Server Actions have the ability to set the "Authentication Method" to None.  Then I can put the base64 encoded password and username in as Headers.

     

    Unfortunately, the Endpoint Context Server itself sets "Authentication Method" to Basic, oAUTH or both.  There is no none option on the server.

     

    Is there any way to remove the authentication from the Endpoint Context Server entry in lieu of this method of connecting to the REST API?

     

     



  • 5.  RE: CPPM - EndPoint Context Server to EfficientIP

    Posted Sep 09, 2018 02:37 PM

    Ben,

     

    Set the CS to Basic {don't config any creds} and set the CSA to None.