Security

Reply
New Contributor

ClearPass 3rd Party Context Server Actions

Hello All,

 

How can I make a custom endpoint context server action with javascript functions run in it? And not only javascript, how to setup IP with custom port so it could communicate with the 3rd party server?
Currently we have a customer that still use ClearPass for authentication but they want to sync it into Sangfor device. For Sangfor device, it require to contacted at certain port and use javascript to send the informations.

So, it could have the information details such as IP and User that being held by ClearPass.

Guru Elite

Re: ClearPass 3rd Party Context Server Actions

Context server actions make HTTP calls to external systems. You’d have to build a third party system to communicate with.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass 3rd Party Context Server Actions

Hi Cappalli,

 

Is there any documentations for me to build my own custom HTTP calls? I bit confuse with the tech notes that available at the aruba support center.

 

Thank you

Guru Elite

Re: ClearPass 3rd Party Context Server Actions

You can look at the built-in examples.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass 3rd Party Context Server Actions

Hi Cappalli,

 

Here is the example for the packet that will be sent to my 3rd party device.

GET /cgi-bin/caauth.cgi?ui=web&opr=logon&chk_cookie=0&info=MTAuOC41MC42L3Rlc3QuaGVsaW9zLy9uZXc HTTP/1.1
Host: 1.1.1.1:85
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: sf_emailcode_valid=; sf_emailcode_restTime=120

It's inform to my device at 1.1.1.1:85 and the operation is login. And for the informations, it consist of IP, user and group. But it encrypted with javascript functions. Is it possible to insert the javascript into ClearPass to make encrypted informations?

Guru Elite

Re: ClearPass 3rd Party Context Server Actions

No.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: ClearPass 3rd Party Context Server Actions

I want to make a new Generic HTTP Context Server Actions that to send the memberOf from AD with JSON method. What attribute should I use to get the memberOf? I tried %{memberOf} but no returns.

{"ip-address":"1.1.1.6",
"request": [{
"command":"add_user",
"username":"test.user",
"ip":"1.1.1.6",
"machine_name":"1.1.1.6",
"memberOf":"%{memberOf}",
"domain":"TESTDOMAIN",
"identity_source":"Aruba ClearPass Policy Manager",
"timeout":28800,
"fetch_roles":1,
"fetch_groups":1}]}
Guru Elite

Re: ClearPass 3rd Party Context Server Actions

Take the attribute name from access tracker and add the parameterized variable syntax.

%{attribute-name}

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: