Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass 3rd Party Context Server Actions

This thread has been viewed 9 times

  • 1.  ClearPass 3rd Party Context Server Actions

    Posted Feb 07, 2019 05:19 AM

    Hello All,

     

    How can I make a custom endpoint context server action with javascript functions run in it? And not only javascript, how to setup IP with custom port so it could communicate with the 3rd party server?
    Currently we have a customer that still use ClearPass for authentication but they want to sync it into Sangfor device. For Sangfor device, it require to contacted at certain port and use javascript to send the informations.

    So, it could have the information details such as IP and User that being held by ClearPass.



  • 2.  RE: ClearPass 3rd Party Context Server Actions

    EMPLOYEE
    Posted Feb 07, 2019 08:48 AM
    Context server actions make HTTP calls to external systems. You’d have to build a third party system to communicate with.


  • 3.  RE: ClearPass 3rd Party Context Server Actions

    Posted Feb 07, 2019 09:08 AM

    Hi Cappalli,

     

    Is there any documentations for me to build my own custom HTTP calls? I bit confuse with the tech notes that available at the aruba support center.

     

    Thank you



  • 4.  RE: ClearPass 3rd Party Context Server Actions

    EMPLOYEE
    Posted Feb 07, 2019 09:10 AM
    You can look at the built-in examples.


  • 5.  RE: ClearPass 3rd Party Context Server Actions

    Posted Feb 07, 2019 09:39 AM

    Hi Cappalli,

     

    Here is the example for the packet that will be sent to my 3rd party device.

    GET /cgi-bin/caauth.cgi?ui=web&opr=logon&chk_cookie=0&info=MTAuOC41MC42L3Rlc3QuaGVsaW9zLy9uZXc HTTP/1.1
Host: 1.1.1.1:85
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: sf_emailcode_valid=; sf_emailcode_restTime=120

    It's inform to my device at 1.1.1.1:85 and the operation is login. And for the informations, it consist of IP, user and group. But it encrypted with javascript functions. Is it possible to insert the javascript into ClearPass to make encrypted informations?



  • 6.  RE: ClearPass 3rd Party Context Server Actions

    EMPLOYEE
    Posted Feb 07, 2019 09:42 AM
    No.


  • 7.  RE: ClearPass 3rd Party Context Server Actions

    Posted Feb 13, 2019 06:24 AM

    I want to make a new Generic HTTP Context Server Actions that to send the memberOf from AD with JSON method. What attribute should I use to get the memberOf? I tried %{memberOf} but no returns.

    {"ip-address":"1.1.1.6",
"request": [{
"command":"add_user",
"username":"test.user",
"ip":"1.1.1.6",
"machine_name":"1.1.1.6",
"memberOf":"%{memberOf}",
"domain":"TESTDOMAIN",
"identity_source":"Aruba ClearPass Policy Manager",
"timeout":28800,
"fetch_roles":1,
"fetch_groups":1}]}


  • 8.  RE: ClearPass 3rd Party Context Server Actions

    EMPLOYEE
    Posted Feb 13, 2019 12:15 PM

    Take the attribute name from access tracker and add the parameterized variable syntax.

    %{attribute-name}