Security

Reply
Contributor II

ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more?

ClearPass can apparently use variables in x.509 certs, presented by clients within EAP-TLS auth, to change the role which is applied to individual clients.  How do I find out more about how ClearPass is configured to do this?  Also;  how do I find out how these cert variables might be manipulated, when the certs themselves are generated by CP OnBoard?    E.g. I want an OB user, approved by one Sponsor, to obtain different network access rights to a second OB user, approved by a different Sponsor...

Contributor II

Re: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more

Er...   I think I may have found my own answer here, via this post:   https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-add-custom-attributes-to-the-Client-Certificate-during/ta-p/260778  

 

Anyone confirm that I'm on the right track..?

Guru Elite

Re: ClearPass can use attributes in certs to affect roles applied to devices - where do I learn more

Yes, that would work.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: