Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Guest - Authorization Attributes

  • 1.  Clearpass Guest - Authorization Attributes

    Posted Mar 28, 2019 04:36 PM

    When using the Guest User Repository as an Authorization Source, I am able to see 'AccountEnabled' and the 'AccountExpired' attributes returned during MAC Auth. Is it possible to return other attributes? 

     

    I am looking for a way for a customer to be able to extend a Guest Expiration time through the Guest / Manage Accounts interface. Although it can be modified, it doesn't help. As we know, the MAC Auth service looks at the Endpoint repository for the MAC-Auth Expiry attribute and not the Guest User Repository (with the newly modified expiry). I was hoping I could just look at the Expire attribute directly in the Guest User Repository instead; however, I can't seem to reference this field in the MAC Auth policy. 

     

    Any ideas?



  • 2.  RE: Clearpass Guest - Authorization Attributes

    EMPLOYEE
    Posted Mar 28, 2019 04:39 PM
    Both expire_time and remaining_expiration are available by default.


  • 3.  RE: Clearpass Guest - Authorization Attributes

    Posted Mar 28, 2019 04:52 PM

    I am not seeing it. Check the attached details. Maybe I am overlooking it?

    Attachment(s)

    txt
    Dashboard_Details.txt   5 KB 1 version


  • 4.  RE: Clearpass Guest - Authorization Attributes
    Best Answer

    EMPLOYEE
    Posted Mar 28, 2019 05:15 PM

    You'll need to edit the [Guest User Repository] auth source.

     

    Under attributes, click Authorization.

     

    Replace the entire query with:

     

    SELECT
           CASE WHEN expire_time is null or expire_time > now() THEN 'false'
           ELSE 'true'
           END AS is_expired,
           CASE WHEN enabled = true THEN 'true' ELSE 'false' END as is_enabled,
           CASE WHEN expire_time > now() THEN CAST(EXTRACT(epoch FROM (expire_time - NOW())) AS INTEGER)
                ELSE 0
           END AS user_remaining_expiration
    FROM tips_guest_users
    WHERE ((guest_type = 'USER') AND (user_id = '%{Endpoint:Username}') AND (app_name != 'Onboard'))

    In the editor, add a new attribute: user_remaining_expiration // User Remaining Expiration // Integer

    Use that new attribute in your policy. Remember, the attribute won't be pulled (and thus won't be visible in AT) unless you evaluate it either in role mapping or enforcement.
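
The three columns returned by the replacement query in the answer above, mirrored in Python over constructed guest rows. This is an added example, not part of the original post and not ClearPass code; the row layout, usernames and the `authz_attributes` helper are assumptions. It shows that an account with no expiry returns `user_remaining_expiration` = 0 while `is_expired` is 'false', so a policy rule should not read 0 on its own as "expired".

```python
from datetime import datetime, timedelta

def authz_attributes(rows, username, now):
    """Mirror the replacement query's WHERE and CASE logic; None stands in for SQL NULL."""
    for r in rows:
        # WHERE guest_type = 'USER' AND user_id = <Endpoint:Username>
        if r["guest_type"] != "USER" or r["user_id"] != username:
            continue
        # WHERE app_name != 'Onboard' (a NULL app_name compares as NULL, so the row is skipped)
        if r["app_name"] is None or r["app_name"] == "Onboard":
            continue
        exp = r["expire_time"]
        future = exp is not None and exp > now
        return {
            # NULL expire_time (no expiry set) counts as not expired
            "is_expired": "false" if (exp is None or future) else "true",
            "is_enabled": "true" if r["enabled"] is True else "false",
            # NULL > now() is NULL, so the CASE falls through to ELSE 0.
            # Sample data uses whole seconds, so the INTEGER cast's rounding is not in play.
            "user_remaining_expiration": int((exp - now).total_seconds()) if future else 0,
        }
    return None  # no matching row: the source returns no attributes

# Constructed sample data (not taken from the thread's attachment).
NOW = datetime(2019, 3, 28, 17, 15, 0)

def row(user_id, expire_time, enabled=True, app_name="Guest"):
    return {"guest_type": "USER", "user_id": user_id, "app_name": app_name,
            "expire_time": expire_time, "enabled": enabled}

ROWS = [
    row("active@example.com", NOW + timedelta(hours=2)),
    row("lapsed@example.com", NOW - timedelta(hours=1)),
    row("noexpiry@example.com", None),
    row("disabled@example.com", NOW + timedelta(days=1), enabled=False),
    row("onboard@example.com", NOW + timedelta(days=1), app_name="Onboard"),
]

if __name__ == "__main__":
    for r in ROWS:
        print(r["user_id"], authz_attributes(ROWS, r["user_id"], NOW))
```

In this model, a rule that needs "still valid" has to combine `is_expired` and `is_enabled`; `user_remaining_expiration` is only meaningful as a countdown when it is greater than 0.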



  • 5.  RE: Clearpass Guest - Authorization Attributes

    Posted Mar 29, 2019 08:31 AM

    That works perfectly. Thanks Tim!