Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

This thread has been viewed 5 times

  • 1.  ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

    Posted Oct 27, 2016 06:28 AM

    ClearPass can apparently use variables in x.509 certs, presented by clients within EAP-TLS auth, to change the role which is applied to individual clients.  How do I find out more about how ClearPass is configured to do this?  Also;  how do I find out how these cert variables might be manipulated, when the certs themselves are generated by CP OnBoard?    E.g. I want an OB user, approved by one Sponsor, to obtain different network access rights to a second OB user, approved by a different Sponsor...



  • 2.  RE: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

    Posted Oct 28, 2016 08:26 AM

    Er...   I think I may have found my own answer here, via this post:   https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-add-custom-attributes-to-the-Client-Certificate-during/ta-p/260778  

     

    Anyone confirm that I'm on the right track..?



  • 3.  RE: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

    EMPLOYEE
    Posted Oct 28, 2016 08:29 AM
    Yes, that would work.