Security

Reply
Regular Contributor I

Clearpass monthly access

Is there a way to allow guests access only for the current month?

i.e. if they signup on the first day of the month they access for the whole month, but if they signup on the last day of the month they only get 1 days access.

If this is possible could you give me some help as to what the details for this are.

Thanks.

Frequent Contributor I

Re: Clearpass monthly access

Hi MDRF,

 

This seems like an odd use case.  Are you able to elaborate on this further and i mayh be able to asssit you?

ACCX#1050 ACMP CWDP CWSP
Regular Contributor I

Re: Clearpass monthly access

Pretty simple requirement as far as the customer is concerned, they want people to create a new account each calendar month, so accounts can only be active during the current month.

Re: Clearpass monthly access

This is somewhat complicated but I have managed to configure this.

In your self reg page, edit the expire_after field and make it hidden and uncheck 'field required'.

Snip20180108_26.png

Add [Time Source] as an authorization source into your service.  We need to create a custom query for this as such.

Snip20180108_28.png

SELECT
DATE_PART('day', (date_trunc('month', localtimestamp(0)+ interval '1 month') - (localtimestamp(0)::timestamp)::timestamp)) * 24 * 60 +
DATE_PART('hour', (date_trunc('month', localtimestamp(0)+ interval '1 month') - (localtimestamp(0)::timestamp)::timestamp)) * 60 +
DATE_PART('min', (date_trunc('month', localtimestamp(0)+ interval '1 month') - (localtimestamp(0)::timestamp)::timestamp)) AS mins_month

 

Then in the enforcement profile for Expire Post Login, change the value in there to be the value of that query.

Snip20180108_29.png

When the user first logs in, that value will get updated for that account.

There may be a +- 1min either side of midnight due to rounding, but that shouldn't be an issue.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Regular Contributor I

Re: Clearpass monthly access

Hi Michael,

    Do I need to create the custom query as a "filter" under the "attribute" tab of the [Time Source]?

I've tried it this way but the item did not appear in the drop-down in the enforcement profile.

Highlighted

Re: Clearpass monthly access

That's it.  On the Attribute section just click on 'add new filter'.

 

It won't be in a drop down on the enforcement profile.  You'll need to type the value in.

Expire-Time-Update:GuestUser = %{Authorization:[Time Source]:Minutes Month}

 

Please bear in mind my own testing was limited and fairly rudimentary, but it did seem to work.  There may also be other better ways of achieving this.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Regular Contributor I

Re: Clearpass monthly access

Hi Micahel, yes, a colleague also spotted my mistake. I've set this correctly now but the account was created with 24 hours. When I went back and looked at the expire_after settings it has defaulted back to the "field required" being ticked and won't allow this to remain unticked.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: